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About This Guide 


This Novell GroupWise 2012 Administration Guide helps you maintain all components of your 
GroupWise system. The guide is divided into the following sections: 


+ 


+ 


+ 


+ 


+ 


+ 


+ 


Part I, “System,” on page 35 

Part II, “Domains,” on page 129 

Part III, “Post Offices,” on page 171 

Part IV, “Users,” on page 217 

Part V, “Resources,” on page 263 

Part VI, “Distribution Lists, Groups, and Organizational Roles,” on page 279 
Part VII, “Libraries and Documents,” on page 313 
Part VIII, “Databases,” on page 395 

Part IX, “Post Office Agent,” on page 469 

Part X, “Message Transfer Agent,” on page 619 
Part XI, “Document Viewer Agent,” on page 709 
Part XII, “Internet Agent,” on page 741 

Part XIII, “WebAccess,” on page 893 

Part XIV, “Calendar Publishing Host,” on page 921 
Part XV, “Monitor,” on page 939 

Part XVI, “Client,” on page 1013 

Part XVII, “Security Administration,” on page 1095 
Part XVIII, “Security Policies,” on page 1149 

Part XIX, “Appendixes,” on page 1161 


For troubleshooting assistance, see: 


+ 


+ 


+ 


GroupWise 2012 Troubleshooting 1: Error Messages 

GroupWise 2012 Troubleshooting 2: Solutions to Common Problems 
GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure 
Novell Support and Knowledgebase (http://www.novell.com/support) 


To search the GroupWise documentation from the Novell Support Web site, click Advanced 
Search, select Documentation in the Search In drop-down list, select GroupWise in the Products 
drop-down list, type the search string, then click Search. 


GroupWise Support Forums (http://forums.novell.com/forumdisplay.php? &f=356) 
GroupWise Support Community (http://www.novell.com/support/products/groupwise) 


GroupWise Cool Solutions (http://www.novell.com/coolsolutions/gwmag/index.html) 
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Audience 


This guide is intended for those who administer a GroupWise system on Linux or Windows. Some 
background knowledge of the host operating system is assumed. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation. 


Additional Documentation 


For additional GroupWise documentation, see the following guides at the Novell GroupWise 2012 
documentation Web site (http://www.novell.com/documentation/beta/groupwise2012): 


+ 


+ 


+ 


Installation Guide 

Server Migration Guide 

Administration Guide 

Multi-System Administration Guide 
Interoperability Guide 

Troubleshooting Guides 

GroupWise User Freguently Asked Ouestions (FAO) 
GroupWise User Guides 

GroupWise User Ouick Starts 
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+ Chapter 1, “GroupWise System Administration,” on page 37 
* Chapter 2, “ConsoleOne Administration Tool,” on page 39 

+ Chapter 3, “GroupWise View,” on page 61 

+ Chapter 4, “GroupWise System Operations,” on page 69 

+ Chapter 5, “GroupWise Utilities,” on page 95 

* Chapter 6, “GroupWise Address Book,” on page 105 

+ Chapter 7, “Multilingual GroupWise Systems,” on page 123 


For additional assistance in managing your GroupWise system, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 


System 35 


36 GroupWise 2012 Administration Guide 


GroupWise System Administration 


Asa GroupWise system administrator, it is your responsibility to keep your GroupWise system 
running smoothly for your GroupWise users. This GroupWise 2012 Administration Guide provides a 
wealth of information to help you accomplish this task. This System section provides an overview of 
the GroupWise administration tool, ConsoleOne, and its capabilities. It summarizes administrative 
tasks that affect your GroupWise system as a whole and provides links to more specialized 
instructions. 


The following sections of the Administration Guide detail the eDirectory objects where GroupWise 
information is stored. Instructions are provided for creating and managing all GroupWise object 


types. 

+ “Domains” on page 129 

+ “Post Offices” on page 171 

+ “Users” on page 217 

+ “Resources” on page 263 

+ “Distribution Lists, Groups, and Organizational Roles” on page 279 
The following sections of the Administration Guide detail the GroupWise software components that 
make your GroupWise system run. Instructions are provided for configuring, monitoring, and 
optimizing each software component. 

+ “Post Office Agent” on page 469 

+ “Message Transfer Agent” on page 619 

+ “Document Viewer Agent” on page 709 

+ “Internet Agent” on page 741 

+ “WebAccess” on page 893 

+ “Monitor” on page 939 

+ “Calendar Publishing Host” on page 921 
The following additional sections of the Administration Guide provide supporting details and 
background information: 

+ “Libraries and Documents” on page 313 

+ “Databases” on page 395 

+ “Client” on page 1013 

+ “Security Administration” on page 1095 

+ “Security Policies” on page 1149 
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2.1 


ConsoleOne Administration Tool 


GroupWise is administered using ConsoleOne, a Java-based tool for managing your network and its 
resources. When you create your GroupWise system, GroupWise snap-ins are added to your 
ConsoleOne installation and GroupWise objects are created in Novell eDirectory. As you manage 
your GroupWise system, you use ConsoleOne to create additional GroupWise objects, modify 
GroupWise object properties, and so on. 


IMPORTANT: Because the GroupWise snap-ins to ConsoleOne are reguired in order to work with 
GroupWise objects, you cannot use other network management tools, such as Novell iManager, to 
administer your GroupWise system. Also, you should not use older network management tools, such 
as NetWare Administrator, to administer your GroupWise system, unless your GroupWise system 
includes legacy gateways that reguire such tools to administer the corresponding Gateway objects 
and their properties. 


Because GroupWise is a cross-platform product, you might have components of your GroupWise 
system located on Linux servers, Windows servers, and legacy NetWare servers. You can run 
ConsoleOne on Linux or Windows to manage GroupWise domains and post offices located on any of 
these platforms. 

+ Section 2.1, “ConsoleOne on Linux,” on page 39 

+ Section 2.2, “ConsoleOne on Windows,” on page 46 

+ Section 2.3, “ConsoleOne in a Multiple-Platform Environment,” on page 48 


+ Section 2.4, “Remote Access to ConsoleOne on a Linux Server,” on page 56 


NOTE: Starting in GroupWise 2012, NetWare is not a supported platform for the GroupWise agents. 
However, the GroupWise Windows agents can be used to access domains and post offices located on 
NetWare servers. ConsoleOne can still administer GroupWise databases located on NetWare servers. 


ConsoleOne on Linux 


+ Section 2.1.1, “Installing Linux ConsoleOne,” on page 40 


+ Section 2.1.2, “Installing the Group Wise Administrator Snap-Ins to Linux ConsoleOne,” on 
page 40 


+ Section 2.1.3, “Enabling File Locking on OES Linux,” on page 41 
+ Section 2.1.4, “Starting Linux ConsoleOne,” on page 41 
+ Section 2.1.5, “Mounting a Linux File System for a Domain or a Post Office,” on page 42 


+ Section 2.1.6, “Changing the Linux Mount Directory,” on page 46 


ConsoleOne Administration Tool 39 


2.1.1 Installing Linux ConsoleOne 


You can install Linux ConsoleOne on any server that meets the system reguirements listed in 
“GroupWise Administration Reguirements” in “GroupWise Product Overview” in the GroupWise 
2012 Installation Guide. 


You must install the version of Linux ConsoleOne that is included in the downloaded GroupWise 2012 
software image in the consoleone/Linux subdirectory. Under some circumstances, an older version 
of ConsoleOne might already be installed. 

1 In a terminal window, become root by entering su - and the root password. 


2 Makethe downloaded GroupWise 2012 software image available on the Linux server where you 
want to install ConsoleOne. 


3 Install the IBM JRE that is required for use with ConsoleOne: 
3a Change to the admin subdirectory of the software image. 
3b Install IBM JRE 1.5: 


rpm -i NOVLc1Linuxjre-1.5.0-11.1586.Crpm 
4 Change to the consoleone/Linux subdirectory of the software image. 
5 Checkto see if an older version of ConsoleOne is already installed on the Linux server: 
1s /usr/ConsoleOne 


6 (Conditional) If the ConsoleOne directory exists, uninstall ConsoleOne: 


./cl-uninstall 

7 Install the GroupWise 2012 version of ConsoleOne: 
./cl-install 

8 Enter the numbers for the languages that you want to install. 


9 Enter 3 to install the LDAP snap-in. 


10 Decline the installation of the bundled JRE 1.4.2, which is incompatible with the JRE installed in 
Step 3 above. 


ConsoleOne, along with other supporting packages, is then installed to /usr/ConsoleOne. 


11 Continue with Installing the GroupWise Administrator Snap-Ins to Linux ConsoleOne. 


2.1.2 Installing the GroupWise Administrator Snap-Ins to Linux ConsoleOne 


After Linux ConsoleOne is installed, use the GroupWise Installation program to install the 
GroupWise Administrator snap-ins to ConsoleOne to the ConsoleOne installation on that server. 


1 Mount the primary domain directory of your GroupWise system to the server where you are 
installing the GroupWise Administrator snap-ins to ConsoleOne. 


If you need assistance with this task, see Section 2.1.5, “Mounting a Linux File System for a 
Domain or a Post Office,” on page 42 


2 Change to the root of the GroupWise 2012 software image. 
3 Start the GroupWise Installation program: 
./install 


4 Select the language in which you want to run the GroupWise Installation program, then click 
OK. 
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Click Install Products > GroupWise Administration. 
Click Install Administration, then click OK when installation is complete. 
Click Configure Administration. 


Review the introduction, then click Next. 
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Accept the License Agreement, then click Next. 
10 Click Next to accept the default software distribution directory: 


/opt/novell/groupwise/software 
11 Select GroupWise Administration, then click Next. 
12 When the software has been copied to the software distribution directory, click Next. 
13 Click Next to accept the default of Updating an existing GroupWise system. 


14 Browse to and select the primary domain directory for your GroupWise system, then click 
Update. 


15 Exit the GroupWise Administration program. 


For convenience, ConsoleOne and the GroupWise Administrator snap-ins should be installed on 
each Linux server where a domain is located. For some administration tasks, ConsoleOne on the 
local server needs to have remote servers mounted. For more information, see Section 2.1.5, 
“Mounting a Linux File System for a Domain or a Post Office,” on page 42. 


16 (Conditional) If you installed ConsoleOne on Open Enterprise Server (OES) Linux, continue 
with Enabling File Locking on OES Linux 


or 


(Conditional) If you installed ConsoleOne on SUSE Linux Enterprise Server (SLES), skip to 
Section 2.1.4, “Starting Linux ConsoleOne,” on page 41 


2.1.3 Enabling File Locking on OES Linux 


(Conditional) If you have installed ConsoleOne on OES Linux: 
1 As root, edit the following file: 
/etc/opt/novell/ncpserv.conf 
2 Add the following line at the bottom of the file: 
CROSS PROTOCOL LOCKS 1 
3 Restart the Novell eDirectory daemon: 
rcndsd restart 


4 Continue with Starting Linux ConsoleOne. 


2.1.4 Starting Linux ConsoleOne 


1 Make sure that any domain directories and post office directories that you want to access from 
ConsoleOne are mounted to your local Linux server. 


If you need assistance with this task, see Section 2.1.5, “Mounting a Linux File System for a 
Domain or a Post Office,” on page 42 


2 As root, enter the following command: 


/usr/ConsoleOne/bin/ConsoleOne 
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2.1.5 


IMPORTANT: Do not start ConsoleOne using the desktop icon. You cannot access the properties of 
GroupWise objects in eDirectory if you start ConsoleOne from the Linux desktop. 


Mounting a Linux File System for a Domain or a Post Office 


To administer a domain that is located on a remote Linux server, you must mount the domain 
directory to the local Linux server. To administer a post office that is located on a remote Linux 
server, the domain directory for the owning domain and the post office directory must both be 
mounted to the local Linux server. In addition, you might also want to mount the primary domain 
server to each secondary domain server, so that administrative messages can flow from one 
secondary domain to another through the primary domain. 

+ “Working with the Linux Mount Directory” on page 42 

+ “Mounting an OES Linux File System Using NetWare Core Protocol (NCP)” on page 42 


+ “Mounting a SLES File System Using Samba” on page 43 


Working with the Linux Mount Directory 


The first time you run Linux ConsoleOne on a server, you are prompted to provide a Linux mount 
directory on that server. The default location is /mnt. For more information, see “Linux Mount 
Directory” in “Planning a Basic GroupWise System” in the GroupWise 2012 Installation Guide. For 
convenience, you can later change the Linux mount directory, as described in Section 2.1.6, 
“Changing the Linux Mount Directory,” on page 46. 


Underneath the Linux mount directory, you must create a subdirectory for each file system where a 
domain or post office resides on a remote Linux server, that you want to be able to access from Linux 
ConsoleOne on the local Linux server. For example, if you have a domain directory named provo1 on 
a remote Linux server, you would create a provo1 subdirectory under /mnt onthe local Linux server 
where you want to run ConsoleOne. 


Mounting an OES Linux File System Using NetWare Core Protocol (NCP) 


+ “Configuring NCP” on page 42 
+ “Mounting an NCP Volume” on page 43 


Configuring NCP 
1 Ina terminal window on the OES Linux server, become root by entering su - and the root 
password. 


2 Ifyouare creating a new domain or post office, create the directory where you want to create the 
GroupWise domain and/or post office. 


or 


If you are not creating a new domain or post office, make sure you know where the existing 
directory is located. 


3 Enter the following command to create the NCP volume: 
ncpcon create volume volume name /directory 


3a Replace volume name with a unigue name for the location where you want to create the 
GroupWise domain and/or post office. 


3b Replace directory with the directory referenced in Step 2. 
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4 Verify that the volume has been created: 


more /etc/opt/novell/ncpserv.conf 
The new volume should be listed at the end of the NCP server configuration file. 


5 Restartthe Novell eDirectory daemon: 
rcndsd restart 


6 Continue with Mounting an NCP Volume. 


Mounting an NCP Volume 
1 Usethe following command to mount the NCP volume to the OES Linux server: 


ncpmount -S fully gualified hostname -V volume name -A ip address 
-U fully gualified administrator user /linux mount directory 


la Replace fully gualified hostname with the name of the remote Linux server that you 
are mounting to the local Linux server, such as provol .novell.com. 


1b Replace volume name with the name of the NCP volume that you created in Step 3 in 
“Configuring NCP” on page 42. 


1c Replace ip address with the IP address of the remote server specified in Step 1a above. 


1d Replace linux mount directory with the full path for the directory that you created in 
“Working with the Linux Mount Directory” on page 42. 


2 Create a script in the /mnt directory containing the resulting mount command, then run the 
script. 


3 Change to the domain or post office directory that you have mounted, then enter the following 
command: 


touch test 


This creates a file named test across the mount and shows that ConsoleOne can also write 
across the mount. 


4 To make the mount persistent, so that it is automatically available whenever you reboot the 
Linux server, edit the /etc/fstab (http://en.wikipedia.org/wiki/Fstab) file with the same 
information that you used in the mount command. 


Mounting a SLES File System Using Samba 


+ “Identifying the Directory Structure for the Samba Share” on page 44 

+ “Preparing Your Firewall to Allow Samba Connections” on page 44 

+ “Configuring the Samba Server” on page 44 

+ “Configuring the Samba Web Administration Tool (SWAT)” on page 44 
+ “Accessing SWAT” on page 44 

+ “Setting the Samba Password” on page 45 

+ “Creating a Samba Share” on page 45 

* “Mounting a Samba Share” on page 45 
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Identifying the Directory Structure for the Samba Share 


1 Ina terminal window on the SLES server, become root by entering su - and the root password. 


2 Ifyou are creating a new domain or post office, create the directory structure new domain and/ 
or post office. 


Or 


If you are not creating a new domain or post office, make sure you know where the existing 
directory is located. 


3 Continue with Preparing Your Firewall to Allow Samba Connections. 


Preparing Your Firewall to Allow Samba Connections 


1 In YaST, click Security and Users > Firewall, then click Interfaces. 
2 Click Change, select Internal Zone, then click OK. 
3 Click Next to view the summary, then click Finish. 


4 Continue with Configuring the Samba Server. 


Configuring the Samba Server 


1 In YaST, click Network Services > Samba Server. 
2 Specify a workgroup or domain name, then click Next. 


For use in your GroupWise system, the Samba server does not need to be part ofa workgroup or 
domain, so it does not matter what you put inthis field. For example, you could use 
GWSYSTEM. 


3 Select Nota Domain Controller, then click Next. 
For use in your GroupWise system, the Samba server does not need to be a domain controller. 
4 Under Service Start, select During Boot. 


Because you prepared the firewall in “Preparing Your Firewall to Allow Samba Connections” on 
page 44, the Firewall Settings section shows that the firewall port for Samba is already open. 


5 Click OK to finish the basic configuration of the Samba server. 
6 Continue with Configuring the Samba Web Administration Tool (SWAT). 


Configuring the Samba Web Administration Tool (SWAT) 


1 In YaST, click Network Services > Network Services (xinetd). 

2 Select Enable. 

3 Inthe Currently Available Services list, select swat, then click Toggle Status (On or Off). 
SWAT is off by default; this turns it on. 

4 Click Finish. 

5 Continue with Accessing SWAT. 


Accessing SWAT 
1 Display SWAT in your Web browser with the following URL: 


http: //localhost:901 


2 Specify the root user name and password, then click OK. 
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On the SWAT toolbar, click Status to verify that smbd and nmbd are running. 
It is not necessary for winbindd to be running. 


Continue with Setting the Samba Password. 


Setting the Samba Password 


1 


2 


3 


On the SWAT toolbar, click Password. 
The User Name field defaults to root. 
Type, then retype, the root password, then click Add New User. 


This sets up root as a Samba user, so that Samba mounts have the read/write access reguired by 
ConsoleOne. 


Continue with Creating a Samba Share. 


Creating a Samba Share 


1 


N © oF ff 


On the SWAT toolbar, click Shares. 


In the Create Share field, type a unique name for the share, such as gwsystem, then click Create 
Share. 


In the Path field, specify the directory referenced in “Identifying the Directory Structure for the 
Samba Share” on page 44. 


In the Read Only field, select No. 
In the Available field, select Yes. 
Click Commit Changes. 


Continue with Mounting a Samba Share. 


Mounting a Samba Share 


1 


2 


Use the appropriate command to mount the Samba share to the SLES server where you want to 
run ConsoleOne: 


SLES 11: mount -t cifs //fully qualified hostname/windows share name 
/linux mount directory -o username=root,noserverino 


The noserverino option uses client-generated inode numbers instead of server-generated 
inode numbers, which produces a more reliable CIFS mount. 


SLES 10: mount -t smbfs //fully qualified hostname/windows share name 
/linux mount directory -o username=root 


NOTE: The SLES 11 mount command does not accept smbfs as a valid mount type. CIFS (http:// 
en.wikipedia.org/wiki/Cifs) (Common Internet File System) is an update to the SMB (http:// 
en.wikipedia.org/wiki/Server Message Block) (Samba) protocol. 


la Replace fully gualified hostname with the name of the server that you are mounting 
the local server, such as provoi.novell.com. 


1b Replace share name with the name of the Samba share that you created in “Creating a 
Samba Share” on page 45. 


1c Replace linux mount directory with the full path for the directory that you created in 
“Identifying the Directory Structure for the Samba Share” on page 44. 


Create a scriptin the /mnt directory with the resulting mount command, then run the script. 
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2.2.1 


3 Change to the domain or post office directory that you have mounted, then enter the following 
command: 


touch test 


This creates a file named test across the mount and shows that ConsoleOne will also be able to 
write across the mount. 


4 To make the mount persistent, so that it is automatically available whenever you reboot the 
Linux server, edit the /etc/fstab (http://en.wikipedia.org/wiki/Fstab) file with the same 
information that you used in the mount command. 


Changing the Linux Mount Directory 


During creation of your basic GroupWise system, you established a Linux mount directory on the 
server where you created your basic GroupWise system, as described in “Selecting a Linux Mount 
Directory” in “Installing a Basic Group Wise System” in the GroupWise 2012 Installation Guide. The 
mount directory information is stored in the .consoleone/SnapinPrefs.ser file in the /root 
directory, which is the home directory for the root user. 


To change the mount directory later in ConsoleOne: 


1 Click Tools > GroupWise System Operations. 
2 Click System Preferences > Linux Settings. 


3 Inthe Linux Mount Directory field, browse to and select the desired mount directory, then click 
OK. 


ConsoleOne on Windows 


You can run Windows ConsoleOne on any Windows server or workstation that meets the 
reguirements listed in “GroupWise Administration Reguirements” in the GroupWise 2012 Installation 
Guide. 

+ Section 2.2.1, “Installing ConsoleOne and the GroupWise Snap-Ins on Windows,” on page 46 

+ Section 2.2.2, “Configuring Your Windows Machine for ConsoleOne,” on page 47 

+ Section 2.2.3, “Starting ConsoleOne on Windows,” on page 47 

+ Section 2.2.4, “Mapping a Drive for a New Domain or Post Office,” on page 47 


Installing ConsoleOne and the GroupWise Snap-Ins on Windows 


When you created your basic GroupWise system using the GroupWise Installation program 
(install.exe), the Group Wise Administrator snap-ins to ConsoleOne were installed to the 
ConsoleOne installation on that server, along with ConsoleOne itself if necessary. 


After you setup your basic GroupWise system, you can use the GroupWise Installation program to 
install ConsoleOne and the GroupWise Administrator snap-ins from the GroupWise 2012 software 
image to additional Windows servers and workstations as needed. 


1 Makethe downloaded GroupWise 2012 software image available on the Windows machine 
where you want to install ConsoleOne and the GroupWise Administrator snap-ins. 
2 Startthe GroupWise Installation program (setup.exe) at the root of the software image. 


3 Selectthe language in which you want to run the GroupWise Installation program, then click 
OK. 
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2.2.4 
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Click Install GroupWise System, then click Yes to accept the License Agreement. 
Click Next to accept the default of a Standard installation. 

Click Install individual components, deselect GroupWise Agents, then click Next. 
Deselect Copy files to a software distribution directory, then click Next. 


(Conditional) If ConsoleOne is not already installed on the Windows machine, click Install 
ConsoleOne, then follow the prompts to install ConsoleOne. 


Click Next to accept the default location of the ConsoleOne software: 
c:\novell\consoleone\1.2 


Or 


Browse to and select the actual location of the ConsoleOne software on the Windows machine, 
then click Next. 


Review the settings you have selected, then click Install. 
When the installation is completed, click Finish. 


Download and install the LDAP snap-in for ConsoleOne from Novell Downloads (http:// 
download.novell.com/Download?buildid=FCT5LqrhcGI~). 


Configuring Your Windows Machine for ConsoleOne 


To ensure GroupWise database integrity across the network: 


1 
2 


Right-click N on the Windows taskbar, then click Novell Client Properties. 
Click Advanced Settings. 


3 Set File Caching to Off. 
4 Set File Commit to On. 
5 Click OK to save the new Novell Client settings, then reboot the Windows machine to put the 


new settings into effect. 


Starting ConsoleOne on Windows 


When you install ConsoleOne, a ConsoleOne icon is automatically created on your Windows desktop 
for starting ConsoleOne. You can also start it from the Windows Start menu. 


Mapping a Drive for a New Domain or Post Office 


In order to create a new domain in ConsoleOne, you must map a drive to the Windows server where 
you want to create the domain. If you want to create a new post office, you must also map a drive to 
the Windows server where you want to create the post office. 


1 Right-click the Computer object, then click Map network drive. 


2 Inthe Drive field, select the drive letter to use for the Windows server where you want to create 


the new domain or post office. 


3 In the Folder field, specify the location of the server in the following format: 


\\ip_address\share_name 


Replace ip address with the IP address of the Windows server. Replace share name with the 
name of the share that you have set up on the remote Windows server. 
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4 Select Reconnect at logon. 


(Conditional) If the user name and password reguired to access the remote Windows server are 
different from the user name and password for the local Windows server, select Connect using 
different credentials. 


6 Click Finish. 


7 (Conditional) If prompted, specify the administrator user name and password for the remote 
Windows server, then click OK. 


The mapped drive appears in Windows Explorer and can now be accessed from Windows 
ConsoleOne. 


ConsoleOne in a Multiple-Platform Environment 


If your GroupWise system includes both Linux and Windows, you can administer Linux domains 
and post office from Windows ConsoleOne and administer Windows domains and post offices from 
Linux ConsoleOne. 


NOTE: If your GroupWise system still includes NetWare domains and post offices, see “Migrating 
Away from NetWare” in “Update” in the GroupWise 2012 Installation Guide for NetWare-specific 
considerations. 


This section helps you set up the cross-platform connections that enable ConsoleOne to successfully 
access GroupWise databases on any platform. 


+ Section 2.3.1, “Using Linux ConsoleOne to Access Domains and Post Offices on Windows,” on 
page 48 


+ Section 2.3.2, “Using Windows ConsoleOne to Access Domains and Post Offices on Linux,” on 
page 50 


Using Linux ConsoleOne to Access Domains and Post Offices on 
Windows 


In order for you to be able to use Linux ConsoleOne to administer domains and post offices that are 
located on Windows, the domain and post office directories on the Windows servers must be 
mounted as Linux filesystems. 

+ “Working with the Linux Mount Directory” on page 49 

+ “Making a Windows Server Visible in Linux ConsoleOne” on page 49 


+ “Accessing a Domain or Post Office on NetWare or Windows from Linux ConsoleOne” on 
page 50 
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Working with the Linux Mount Directory 


The first time you run Linux ConsoleOne on a server, you are prompted to provide a Linux mount 
directory on that server. The default location is /mnt. For more information, see “Linux Mount 
Directory” in “Planning a Basic GroupWise System” in the GroupWise 2012 Installation Guide. For 
convenience, you can later change the Linux mount directory, as described in Section 2.1.6, 
“Changing the Linux Mount Directory,” on page 46. 


Underneath the Linux mount directory, you must create a subdirectory for each directory where a 
domain or post office resides on a Windows server, that you want to be able to access from Linux 
ConsoleOne. For example, if you have a domain directory named provo1 on a Windows server, you 
would create a provo1 subdirectory under /mnt on the Linux server where you want to run 
ConsoleOne. 


Making a Windows Server Visible in Linux ConsoleOne 


1 Use the appropriate command to mount the Windows share to the Linux server where you want 
to run ConsoleOne: 


SLES 11: mount -t cifs //fully gualified hostname/windows share name 
/linux mount directory 
-o username=windows administrator,noserverino 


The noserverino option uses client-generated inode numbers instead of server-generated 
inode numbers, which produces a more reliable CIFS mount. 


SLES 10: mount -t smbfs // fully qualified hostname/windows share name 
/linux mount directory -o username=windows administrator 


NOTE: The SLES 11 mount command does not accept smbfs as a valid mount type. CIFS (http:// 
en.wikipedia.org/wiki/Cifs) (Common Internet File System) is an update to the SMB (http:// 
en.wikipedia.org/wiki/Server. Message. Block) (Samba) protocol. 


la Replace fully gualified hostname with the name of the Windows server that you are 
mounting the Linux server where you want to run ConsoleOne, such as 
provol.novell.com. 


1b Replace share name with the name of the Windows share on the Windows server, such as 
C: 


1c Replace linux mount directory with the full path for the directory that you created in 
“Working with the Linux Mount Directory” on page 49. 


1d Replace windows_administrator with the user name of the administrator user of the 
Windows server, such as Administrator 


2 Create a script in the /mnt directory with the resulting mount command, then run the script. 
3 Change to the domain or post office directory that you have mounted, then enter the following 


command: 


touch test 


This creates a file named test across the mount and shows that Linux ConsoleOne will also be 
able to write across the mount. 


4 To make the mount persistent, so that it is automatically available whenever you reboot the 
Linux server, edit the /etc/fstab (http://en.wikipedia.org/wiki/Fstab) file with the same 
information that you used in the mount command. 
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Accessing a Domain or Post Office on NetWare or Windows from Linux 
ConsoleOne 


After you have made the Windows server visible from Linux: 


1 Mountthe domain directory to the Linux server. 

2 In Linux ConsoleOne, authenticate to the eDirectory tree where the Domain object is located. 
3 Click Tools > GroupWise System Operations > Select Domain. 

4 Browse to and select the domain directory, then click OK. 


You can now use Linux ConsoleOne to administer all GroupWise objects that belong to the domain 
that is located on Windows. 


Using Windows ConsoleOne to Access Domains and Post Offices on 
Linux 


In order for you to be able to use Windows ConsoleOne to administer domains and post offices that 
are located on Linux, the Linux servers where the domains and post offices are located must be 
accessible from Windows. To make a Linux server visible from Windows, you need to configure it so 
that you can map a drive to it as if it were a Windows server. There are a variety of ways to 
accomplish this. 
+ “Using NetWare Core Protocol to Connect from Windows to an OES Linux Server” on page 50 
+ “Using Samba to Connect from Windows to an OES Linux Server” on page 52 


+ “Using Samba to Connect from Windows to a SLES Server” on page 54 


Using NetWare Core Protocol to Connect from Windows to an OES Linux Server 


On OES Linux, if you are using the ext3 or reiserfs filesystem, you use Novell Core Protocol (NCP) to 
configure the Linux server for access from Windows. Then, on Windows, you use the Novell Map 
Network Drive feature to map a drive from Windows to the Linux filesystem where the domain or 
post office is located. 

+ “Configuring the OES Linux Server for NCP Access from Windows” on page 50 


* “Mapping a Windows Drive to the NCP Volume” on page 51 


Configuring the OES Linux Server for NCP Access from Windows 


1 Ina terminal window on the OES server, become root by entering su - and the root password. 


2 Ifyouare creating a new domain or post office on the OES Linux server, create the base directory 
where you want to use Windows ConsoleOne to create the domain and/or post office directory 
structure. 


Or 


If you are not creating a new domain or post office on the OES Linux server, make sure you 
know where the existing base directory is located. 


3 Enterthe following command to create the NCP volume on the OES Linux server: 
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ncpcon create volume volume name /directory 


3a Replace volume name with a unigue name for the location where you want to create the 
domain and/or post office directory structure 


3b Replace directory with the directory referenced in Step 2 above. 


4 Verify that the volume has been created: 
more /etc/opt/novell/ncpserv.conf 


The new volume should be listed at the end of the NCP server configuration file. 


5 Enable cross-protocol locks so that Windows ConsoleOne can safely access GroupWise 
databases across the connection between Windows and Linux: 


5a Enter the following command 


ncpcon set cross protocol locks=1 
or 


Add the following line at the bottom of the ncpserve. conf file: 
CROSS PROTOCOL LOCKS 1 


5b Restartthe Novell eDirectory daemon: 


rcndsd restart 


6 Continue with Mapping a Windows Drive to the NCP Volume. 
Mapping a Windows Drive to the NCP Volume 


1 Onthe Windows server, right-click N on the Windows taskbar, then click Novell Map Network 
Drive. 


2 Selectthe drive letter to map to the NCP volume on the OES Linux server. 


3 Specify the network path to the NCP volume in the following format: 
\\linux hostname\ncp volume 


3a Replace linux hostname with the hostname of the OES Linux server. 
3b Replace ncp volume with the name of the NCP volume that you just created. 


4 For the network user name, specify the fully qualified administrator user name for eDirectory., 
such as admin.users.novell. 


5 Select Check to always map this drive letter when you start Windows. 
6 Click Map. 
7 (Conditional) If prompted, log in to eDirectory: 
7a In the Password, specify the eDirectory password for the administrator user. 


7b In the Context field, specify the eDirectory context where the administrator User object is 
located. 


8 Click OK. 


The mapped drive to the OES Linux server opens in Windows Explorer and can now be accessed 
from Windows ConsoleOne. 
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Using Samba to Connect from Windows to an OES Linux Server 


On OES Linux, if you are using the Novell Storage Services (NSS) filesystem, you use Samba to create 
the connection between Linux and Windows. Then, on Windows, you use the Novell Map Network 
Drive feature to map a drive from Windows to the Samba share. 

+ “Identifying the Directory Structure for the Samba Share” on page 52 

+ “Installing Samba” on page 52 

+ “Logging In to iManager” on page 52 

+ “Configuring the eDirectory Universal Password for Samba” on page 53 

+ “Setting the eDirectory Universal Password for the Samba Administrator User” on page 53 

+ “Creating a Samba Share” on page 53 

+ “Setting the eDirectory Rights for the Samba Share” on page 53 

+ “Testing Samba on the OES Server” on page 53 

* “Mapping a Windows Drive to the Samba Share on the OES Linux Server” on page 54 


Identifying the Directory Structure for the Samba Share 
1 Ina terminal window on the OES Linux server, become root by entering su - and the root 
password. 


2 If you are creating a new domain or post office, create the base directory for the new domain 
and/or post office. 


or 


If you are not creating a new domain or post office, make sure you know where the existing 
directory is located. 


3 Continue with Installing Samba. 


Installing Samba 
If you installed Samba when you installed OES Linux, skip to “Logging In to iManager” on page 52. 
If you did not install Samba when you installed OES Linux, install it now: 

1 Start YaST. 

2 Under Groups, click Open Enterprise Server, then click OES Install and Configuration. 

3 Under OES Services, select Novell Samba, then click Accept. 


4 Follow the prompts to install Novell Samba. 
5 Continue with Logging In to iManager. 


Logging In to iManager 


1 Access the following URL: 


https://ip address/nps/servlet/webacc?taskid=fw Startup 
Replace ip_address with the IP address of the OES Linux server. 


2 Specify the eDirectory administrator user name, such as admin . users .novel1, the password for 
the user name, and the IP address of the eDirectory tree, then click Login. 


3 Continue with Configuring the eDirectory Universal Password for Samba. 
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Configuring the eDirectory Universal Password for Samba 


1 In iManager, click Passwords > Password Policies. 
2 Click Samba Default Password Policy. 


3 Onthe Policy Assignment tab, browse to and click the name of the administrator User object that 
you want to administer the Samba share, then click OK to add the user to the list. 


4 Click OK to complete the process. 


5 Continue with Setting the eDirectory Universal Password for the Samba Administrator User. 


Setting the eDirectory Universal Password for the Samba Administrator User 


1 Under Passwords, click Set Universal Password. 
2 Browse to and click the name of the Samba administrator User object, then click OK. 


3 Specify the password for the Samba administrator user, retype the password for confirmation, 
then click OK. 


4 Click Passwords to close the Passwords menu. 


5 Continue with Creating a Samba Share. 


Creating a Samba Share 


1 Click File Protocols, then click Samba. 
2 Browse to and click the name of the Server object where you are setting up the Samba share. 


3 Onthe Shares tab, create a new Samba share for the directory on the Linux server reference in 
“Identifying the Directory Structure for the Samba Share” on page 52: 


3a Click New. 
3b Specify a unigue name for the Samba share, such as gwsystem. 


3c Specify the full path name on the Linux server for the domain or post office, click OK to add 
the location to the list of Samba shares, then click Close. 


3d Click File Protocols to close the File Protocols menu. 


4 Continue with Setting the eDirectory Rights for the Samba Share. 


Setting the eDirectory Rights for the Samba Share 


1 Click Files and Folders, then click Properties. 


2 Browse to and click the name of the Linux partition or directory where you created the new 
share, then click OK. 


3 Click Rights. 


4 Inthe Add Trustee field, browse to and click the name of the Samba administrator User object, 
then click OK. 


5 Grantall file system rights to the Samba administrator user, then click OK. 
6 Continue with Testing Samba on the OES Server. 
Testing Samba on the OES Server 


1 Double-click the Home Directory icon on the Linux desktop. 
2 Click B 
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3 Inthe Location field, type smb://user name@ip address 
3a Replace user name with the user name of the Samba administrator user. 
3b Replace ip address with the IP address of the Linux server. 


The File Browser should display all Samba shares, including the new one that you created 
for the domain and/or post office. 


4 Continue with Mapping a Windows Drive to the Samba Share on the OES Linux Server. 


Mapping a Windows Drive to the Samba Share on the OES Linux Server 


1 In Windows Explorer, right-click the Computer object, then click Map network drive. 
2 Inthe Drive field, select the drive letter for the new Samba share. 


3 Inthe Folderfield, specify the location of the Samba share in the following format: 


\\ip address\share name 
3a Replace ip address with the IP address of the Linux server. 
3b Replace share name with the name of the new Samba share. 
4 Select Reconnect at logon. 
5 Select Connect using different credentials. 
6 Specify the Samba administrator user name and password, then click OK. 


The Samba share for the OES Linux file system opens in Windows Explorer and can now be 
accessed from Windows ConsoleOne. 


Using Samba to Connect from Windows to a SLES Server 


On SLES, you use YaST and the Samba Web Administration Tool (SWAT) to configure Samba. Then 
you use the Windows Map Network Drive feature to map a drive from Windows to the Samba share. 

+ “Identifying the Directory Structure for the Samba Share” on page 54 

+ “Preparing Your Firewall to Allow Samba Connections” on page 55 

+ “Configuring the Samba Server” on page 55 

+ “Configuring the Samba Web Administration Tool (SWAT)” on page 55 

+ “Accessing SWAT” on page 55 

+ “Creating a Samba Share” on page 55 

* “Mapping a Windows Drive to the Samba Share on the SLES Server” on page 56 


Identifying the Directory Structure for the Samba Share 


1 Ina terminal window on the OES server, become root by entering su - and the root password. 


2 If you are creating a new domain or post office, create the base directory for the new domain 
and/or post office directory structure. 


Or 


If you are not creating a new domain or post office, make sure you know where the existing 
directory is located. 


3 Continue with Preparing Your Firewall to Allow Samba Connections. 
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Preparing Your Firewall to Allow Samba Connections 


1 
2 
3 
4 


In YaST, click Security and Users > Firewall, then click Interfaces. 
Click Change, select Internal Zone, then click OK. 
Click Next to view the summary, then click Finish. 


Continue with Configuring the Samba Server. 


Configuring the Samba Server 


1 


In YaST, click Network Services > Samba Server. 


2 Specify a workgroup or domain name, then click Next. 


For use in your GroupWise system, the Samba server does not need to be part of a workgroup or 
domain, so it does not really matter what you put in this field. For example, you could use 
GWSYSTEM. 


Select Not a Domain Controller, then click Next. 
For use in your GroupWise system, the Samba server does not need to be a domain controller. 
Under Service Start, select During Boot. 


Because you prepared the firewall in “Preparing Your Firewall to Allow Samba Connections” on 
page 55, the firewall port for Samba is already open. 


5 Click OK to finish the basic configuration of the Samba server. 
6 Continue with Configuring the Samba Web Administration Tool (SWAT). 


Configuring the Samba Web Administration Tool (SWAT) 


1 
2 
3 


In YaST, click Network Services > Network Services (xinetd). 

Select Enable. 

In the Currently Available Services list, select swat, then click Toggle Status (On or Off). 
SWAT is off by default. This turns it on. 


4 Click Finish. 


5 


Continue with Accessing SWAT. 


Accessing SWAT 


1 


2 
3 


Display SWAT in your Web browser with the following URL: 
http: //localhost:901 


Specify the root user name and password, then click OK. 
On the SWAT toolbar, click Status to verify that smbd and nmbd are running. 


It is not necessary for winbindd to be running. 


4 Continue with Creating a Samba Share. 


Creating a Samba Share 


1 
2 


On the SWAT toolbar, click Shares. 


In the Create Share field, type a unique name for the share, such as gwsystem, then click Create 
Share. 
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3 Inthe Pathfield, specify the directory that you created in “Identifying the Directory Structure for 
the Samba Share” on page 54. 


4 Inthe Read Only field, select No. 
5 Inthe Available field, select Yes. 
6 Click Commit Changes. 


Mapping a Windows Drive to the Samba Share on the SLES Server 


1 Onthe Windows desktop, right-click the Computer object, then click Map network drive. 
2 Inthe Drive field, select the drive letter for the new Samba share. 


3 In the Folder field, specify the location of the Samba share in the following format: 


\\ip address\share name 
3a Replace ip address with the IP address of the Linux server. 
3b Replace share name with the name of the new Samba share. 
4 Select Reconnect at logon. 
5 Select Connect using different credentials. 
6 Specify the Samba administrator user name and password, then click OK. 


The Samba share on the SLES server opens in Windows Explorer and can now be accessed from 
Windows ConsoleOne. 


Remote Access to ConsoleOne on a Linux Server 


If your GroupWise system includes domains on Linux servers, file system mounts are required for a 
few specific GroupWise administration tasks. However, you can perform the bulk of typical domain, 
post office, and user administration without needing file system mounts between Linux servers 
where domains and post offices reside. You can perform these administration tasks from either Linux 
or Windows. 

+ Section 2.4.1, “Administrative Tasks Requiring File System Mounts,” on page 56 

+ Section 2.4.2, “Remote ConsoleOne Access with a VNC Client,” on page 57 


+ Section 2.4.3, “Remote ConsoleOne Access with a Secure Shell (SSH) Connection,” on page 58 


Administrative Tasks Requiring File System Mounts 


ConsoleOne requires file system mounts to both the primary domain database and a secondary 
domain database simultaneously to perform the following tasks: 

+ Create Domain 

+ Rebuild Domain Database 

¢ Sync Primary with Secondary 

¢ Replace Primary with Secondary 

+ Merge/Release 


For more information, see Section 4.1.2, “Understanding the Need for Domain Connections,” on 
page 71. 
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Aside from these fairly specialized administrative tasks, you can connect directly to a secondary 
domain database on a Linux server from either Linux or Windows, and then run Linux ConsoleOne 
to conveniently perform other GroupWise administration tasks remotely. 


Remote ConsoleOne Access with a VNC Client 


Remote administration can be made possible by using a VNC (Virtual Network Connection) client 
where you want to run ConsoleOne (on either Linux or Windows) and by enabling Remote 
Administration on each remote Linux server where you need to access a domain database. 

+ “Selecting a VNC Client” on page 57 

+ “Enabling Remote Administration” on page 57 


+ “Using Your VNC Client on Linux or Windows to Run ConsoleOne on the Linux Server” on 
page 58 


Selecting a VNC Client 


Many VNC clients are available for use on Linux and Windows. To investigate your options, you can 
google “VNC clients”. Review their capabilities and select one that appeals to you. RealVNC is a 
common favorite. Install the VNC client where you want to run ConsoleOne with direct access to 
remote Linux servers. 


Enabling Remote Administration 


By default, Linux servers do not allow remote administration for understandable security reasons. To 
use your VNC client, you must enable Remote Administration on each remote Linux server. 


1 In YaST: 
la (Conditional) On OES, click Network Devices > Remote Administration. 
or 
1b (Conditional) On SLES, click Network Services > Remote Administration. 
2 Select Allow Remote Administration. 


If your firewall is properly configured, Open Port in Firewall is selected by default. The default 
port number used for remote administration is 5901. 


3 (Conditional) If Open Port in Firewall is not selected: 
ga Click Abort to cancel Remote Administration setup. 
3b Click Security and Users > Firewall. 
3c Intheleft pane, click Interfaces, then click Change to configure the firewall interface. 


3d Inthe Interface Zone drop-down list, select the zone appropriate for the Linux server where 
you are enabling Remote Administration, then click OK. 


3e Click Next to list your current firewall settings, then click Finish to put the updated setting 
into effect. 


3f Return to Step 1 to enable Remote Administration. 


4 After enabling Remote Administration, click Finish to put the settings into effect. 
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Using Your VNC Client on Linux or Windows to Run ConsoleOne on the Linux 
Server 


After you have enabled Remote Administration on the remote Linux servers: 


1 


on AR O 


Access the remote Linux server in your VNC client by providing the remote server's IP address 
and the remote administration port number, for example: 


137.16.5.18:5901 


In the window that opens on the remote Linux server, start ConsoleOne: 


/usr/ConsoleOne/bin/ConsoleOne 


Authenticate to the eDirectory tree to start ConsoleOne as usual. 
Attach to the domain on the Linux server. 
Proceed with your GroupWise administration tasks. 


When you are finished with GroupWise administration on the remote Linux server, exit 
ConsoleOne. 


Close the window where you have been running ConsoleOne, to close the connection with the 
remote Linux server. 


Remote ConsoleOne Access with a Secure Shell (SSH) Connection 


As an alternative to the Remote Administration feature in YaST, you can use a secure shell (SSH) 
connection to a remote Linux server in order to run ConsoleOne on the remote Linux server. 


+ 


+ 


+ 


“Configuring a Linux Server to Allow a Secure Shell Connection” on page 58 
“Using a Secure Shell Connection on Linux to Run ConsoleOne on the Linux Server” on page 59 


“Using a Secure Shell Connection on Windows to Run ConsoleOne on the Linux Server” on 
page 59 


Configuring a Linux Server to Allow a Secure Shell Connection 


+ 


+ 


“On OES 11 and SLES 11” on page 58 
“On OES 2 and SLES 10” on page 59 


On OES 11 and SLES 11 


1 
2 


3 
4 


In YaST, click Network Service > SSHD Configuration. 
Ensure that Allow X11 Forwarding is selected. 
This is the default setting. 
Click Finish to enable SSHD. 
Configure your firewall to allow the SSHD connection: 
4a Under Security and Users, click Firewall. 
Ab Click Allowed Services. 
4c Inthe Service to Allow drop-down list, select Secure Shell Server, then click Add. 
4d Click Next, then click Finish. 
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On OES 2 and SLES 10 


1 


2 


Check the /etc/ssh/sshd config file to ensure that X11Forwarding is set to yes. 
This is the default setting. 
Configure your firewall to allow the SSH connection: 

2a Under Security and Users, click Firewall. 

2b Click Allowed Services. 

2c Inthe Service to Allow drop-down list, select SSH, then click Add. 

2d Click Next, then click Finish. 


Using a Secure Shell Connection on Linux to Run ConsoleOne on the Linux 
Server 


1 


N © où BR 


Enter the following command to establish a secure shell connection to the remote Linux server: 


ssh -X network address 

Replace network address with the IP address or DNS hostname of the remote Linux server. 
Enter the password to access the remote Linux server as root. 

The command prompt changes to the name of the remote Linux server. 


Start ConsoleOne on the Linux server: 


/usr/ConsoleOne/bin/ConsoleOne 


Authenticate to the eDirectory tree as usual. 
Connect to the domain on the Linux server. 
Proceed with your GroupWise administration tasks. 


When you are finished with GroupWise administration on the remote Linux server, exit 
ConsoleOne. 


Exit the terminal window where you have been connected to the remote Linux server, to close 
the secure shell session. 


Using a Secure Shell Connection on Windows to Run ConsoleOne on the Linux 
Server 


Because Windows does not include an X server, setting up a secure shell from Windows to Linux 
requires additional software that is not free nor especially easy to set up. If you still want to pursue 
this option, refer to the Cool Solutions article, “Remote Management Using SSH and X-Forwarding 
on Windows” (http://www.novell.com/coolsolutions/feature/19258.html). 
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GroupWise View 


When administering GroupWise in ConsoleOne, you can use the standard Novell eDirectory View or 
you can use the GroupWise View. The following sections discuss the GroupWise View and how to 
use it: 

¢ Section 3.1, “eDirectory View versus GroupWise View,” on page 61 

+ Section 3.2, “GroupWise Object Icons,” on page 62 


+ Section 3.3, “Customizing the GroupWise View,” on page 64 


+ 


Section 3.4, “Searching in the GroupWise View,” on page 66 


+ 


Section 3.5, “Performing Administrative Tasks from the GroupWise View,” on page 67 


NOTE: The ConsoleOne illustrations used in the guide show ConsoleOne on Windows. ConsoleOne 
on Linux looks different but provides substantially the same functionality. 


eDirectory View versus GroupWise View 


The eDirectory View displays the GroupWise objects in their contexts in the eDirectory tree, as 
shown in the following example: 


Novell ConsoleOne 
File Edit View Tools Help 


=2|5)5|e/eja] 2188/28/08 0| 
(> My World B Secretaries QA Development 
E- NDS & AccountReps Qa Marketing 
+ CORP_TREE & Engineers CR Sales 
0-8 COMME & Programmers QA sta 
& Q Administration & Salesmen @ Administration Library 
aD Development | 9% Testers äi Development Library 
e A Marketing @ Company Car 1 
i ao @ Company Car 2 
H-Q Provo3 a Conference Room 2012 
a Q Sales a Group Meeting Room 
CR Staff 3 LeaveCalendar 
&-@ Walthamt Lunchroom 
14) Waltham2 @ Provot 
ay Novell @ Provo2 
F9 Security @ Provo3 
H- GroupWise System @ Walthamt 
@ Waltham2 
Q Administration 


24 items À 


ser: admin. Docdey Novell Tree: CORP_TREE 
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The GroupWise View filters out all non-GroupWise objects and shows how the GroupWise objects 
relate to each other in the GroupWise system, as shown in the following example. 


[8 Novell ConsoleOne m 
File Edit View Tools Help 
HRES E KIIEES = Ilo sort zi 
My World 
a p NDS Q adharmapalan Provo3 Marketing Dharmapalan Ahman = 
i 4° CORP TREE 8 aramirez Provo2 Sales Ramirez Art 
H E: GroupWise askoczylas  Provoi Development Skoczylas Alfons 
a E Novell 8 bgelsomino Provo3 Marketing Gensomino Benji 
à ® 8 cbolton Provo3 Marketing Bolton Charles 
a = a Provol 8 fhaughey Provo3 Marketing Haughey Flavian i 
pa fthompson Provo3 Marketing Thompson Fred 
QD Development | 
Ġ @ Provo2 8 gsmith Provot Development Smith Grace 
a da Sales 8 hsarmiento Provo2 Sales Sarmiento Heather 
=) © Provo3 8 jdesoto Provo3 Marketing DeSoto Janet 
E} qQ Marketing 3 jpangilinan  Provoi Development Pangilinan Joe 
8 jstevens Provo2 Sales Stevens Jason 
8 jyacoub Provo3 Marketing Yacoub Ishmael 
8 khuang Provo1 Development Huang Kuo-Chang 
8 mbarnard Provo1 Development Barnard Matt 
8 mdelatorre Provo2 Sales de la Torre Martha 
3 mlamaroux Provo3 Marketing Lamaroux Marie xl 
Corporate Mail |Provot WBD-NVYVISYSigwsystemiprovot 


In the left pane, all Domain objects are displayed under the GroupWise system, and all Post Office 
objects are subordinate to the domains where they reside. You can select the GroupWise system, a 
domain, or a post office in the left pane and then use the drop-down list of GroupWise objects on the 
toolbar to display associated objects (Users, Resources, Message Transfer Agents, and so on) in the 
right pane. In the above example, the GroupWise System is selected in the left pane and the 
GroupWise Object list is set to Users, so the right pane is displaying all users in the entire GroupWise 
system. 


3.2 GroupWise Object Icons 


The following table lists all the GroupWise objects that are displayed in the eDirectory View or 
GroupWise View in ConsoleOne. 


Icon GroupWise Object Additional Information 


ie GroupWise System Represents the GroupWise system you are currently connected to. The 
GroupWise system’s name is displayed in the lower left corner of the 
ConsoleOne window. 


& Primary Domain Represents the system’s primary domain. To ensure consistency, all replication 
of GroupWise information to the GroupWise domain and post office databases 
takes place through the primary domain. For additional information, see Part II, 

“Domains,” on page 129. 


® Secondary Domain Represents any additional domains, other than the primary, created in the 
GroupWise system. For additional information, see Part II, “Domains,” on 
page 129. 


a) Current Domain Represents the domain to which ConsoleOne is currently connected. For 
information about changing the current domain, see Section 9.1, “Connecting to 
a Domain,” on page 145. 


qi External Domain Represents a domain from another GroupWise system. 
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Icon 
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GroupWise Object 
Non-GroupWise 
Domain 

Post Office 

External Post Office 


User 


External Entity 


External User 


Resource 


External Resource 


Distribution List 


Group 


Organizational Role 


Library 


Nickname 


Message Transfer 
Agent 


Post Office Agent 


Gateway 


Additional Information 


Represents all or part of a non-GroupWise system. 


Represents a collection of user accounts (mailboxes). For additional information, 
see Part Ill, “Post Offices,” on page 171. 


Represents a post office in an external GroupWise system or a non-GroupWise 
system. 


Represents an eDirectory user who has been given a GroupWise account in a 
post office. For additional information, see Part IV, “Users,” on page 217. 


Represents a user not listed in eDirectory who has been given a GroupWise 
account in a post office. For additional information, see Part IV, “Users,” on 
page 217. 


Represents a user in an external GroupWise system or a non-GroupWise 
system. 


Represents a conference room or some other resource that can be scheduled by 
users. For additional information, see Part V, “Resources,” on page 263. 


Represents a resource that belongs to an external GroupWise system or a non- 
GroupWise system. 


Represents a group of users or resources that can all be addressed by using the 
distribution list’s name. For additional information, see Part VI, “Distribution 
Lists, Groups, and Organizational Roles,” on page 279. 


Represents an eDirectory group. eDirectory groups, like distribution lists, can be 
addressed by using the group’s name. Any members of the group who have 
GroupWise accounts receive the message. For additional information, see 

Part VI, “Distribution Lists, Groups, and Organizational Roles,” on page 279. 


Represents an eDirectory organizational role. eDirectory organizational roles, 
like distribution lists, can be addressed by using the organizational role’s name. 
Any members of the role who have GroupWise accounts receive the message. 
For additional information, see Part VI, “Distribution Lists, Groups, and 
Organizational Roles,” on page 279. 


Represents a collection of documents. For additional information, see 
Chapter 21, “Document Management Services Overview,” on page 315. 


Represents an additional address associated with a user, resource, or 
distribution list. For additional information, see Part IV, “Users,” on page 217, 
Part V, “Resources,” on page 263, or Part VI, “Distribution Lists, Groups, and 
Organizational Roles,” on page 279. 


Represents a Message Transfer Agent (MTA) associated with a domain. For 
additional information, see Part X, “Message Transfer Agent,” on page 619. 


Represents a Post Office Agent (POA) associated with a post office. For 
additional information, see Part IX, “Post Office Agent,” on page 469. 


Represents a method of linking to another email system or transport. For 
additional information, see the GroupWise gateway guides (http:// 
www.novell.com/documentation/gwgateways). 


GroupWise gateways are legacy products that are not supported with the current 
GroupWise version. 
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3.3 Customizing the GroupWise View 


You can change the column display, order, and width to customize the GroupWise View. 


Changes are preserved from one ConsoleOne session to the next. In addition, your last view is 
persistent from session to session. For example, if you last used the Distribution Lists view, the next 
time you start ConsoleOne and open the GroupWise View, the Distribution Lists view is displayed. If 
the last-used view is not applicable (for example, you had the Gateways view open and when the 
new ConsoleOne session starts you select a Post Office object), the GroupWise View defaults to the 
Users view. 


+ Section 3.3.1, “Changing the Column Display and Order,” on page 64 
+ Section 3.3.2, “Changing the Column Widths,” on page 66 


3.3.1 Changing the Column Display and Order 


For each view (Users, Distribution Lists, Gateways, Post Offices, and so on), you can determine which 
columns are displayed and the order in which they are displayed. 


1 Select GroupWise System in the left (tree) pane, then select the view (for example, Users). 
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2 (Conditional) If you are changing the Users view, use the drop-down list to select how you want 
to sort users (ID Sort, User Name Sort, First Name Sort, or Last Name Sort). 


The Users view allows you to sort by ID, user name, first name, or last name. Each of these is 
treated as a separate Users view for which you can determine the column display and order. The 
views for different objects offer different sort options. 
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3 Click View > Edit Columns to display the Select Group Wise View Columns dialog box. 


KC] Select GroupWise View Columns 


Selected Columns Available Fields 
tete einen SN tn 
Domain Name Admin Defined 1 
Post Office Name Admin Defined 10 
Admin Defined 11 
Admin Defined 12 
Admin Defined 13 
Admin Defined 14 
Admin Defined 15 
Admin Defined 16 
Admin Defined 17 
Admin Defined 18 
Admin Defined 19 
Admin Defined 2 
Admin Defined 20 
Admin Defined 3 
Admin Defined 4 
Admin Defined 5 x 


4 To add a column, select the column in the Available Fields list, then click the left-arrow to add it to 


the Selected Columns list. 
Many kinds of useful information can be added to an object's display in ConsoleOne. 
For users, displayable information includes: 
+ Current mailbox size 
+ File ID (FID) 
+ Last client login time 
+ Move error 
For POAs, displayable information includes: 
+ Port numbers 
+ Thread numbers 
+ Log level 


+ Platform 


5 To determine the display order, select a column in the Selected Columns list, then click the up- 


arrow and down-arrow to move it to the desired position. 


6 To remove a column, select the column in the Selected Columns list, then click the right-arrow to 


add it to the Available Fields list. 


7 When you are finished, click OK to save your changes. 


GroupWise View 


65 


3.3.2 Changing the Column Widths 


You can change column widths in a view by dragging the right or left edge of the column label. 


KS Novell ConsoleOne 
File Edit View Tools Help 


Marketing Dharmapalan Ahman 
Provo2 Sales Ramirez Art 
Provot Development Skoczylas Alfons 
Provo3 Marketing Gensomino Benjii 
Provo3 Marketing Bolton Charles 
Provo3 Marketing Haughey Flavian 
a qQ Development Provo3 Marketing Thompson Fred 
E- Provo2 il Provo1 Development Smith Grace 
e Ga Sales i Provo2 Sales Sarmiento Heather 
g © Provo3 8 Provo3 Marketing DeSoto Janet 
E any Marketing ji jili Provo1 Development Pangilinan Joe 
Provo2 Sales Stevens Jason 


5 CORP TREE 
a GroupWise 
H- Novell 
a- fA Security 

ipWise m 


Provo3 Marketing Yacoub Ishmael 
8 khuang Provot Development Huang Kuo-Chang 
8 mbarnard Provo1 Development Barnard Matt 
8 mdelatorre Provo2 Sales de la Torre Martha 
3 miarnaroux  Provo3 Marketing Lamaroux Marie zi 


Corporate Mail [Provot [WBD-NWISYSigwsystem\provol 


3.4 Searching in the GroupWise View 


You can search for a specific entry in a view. The search is performed on the first column. For 
example, if the Resources view is displayed, you can search for a specific resource based on its object 
ID. If the Users view (with Last Name Sort selected) is displayed, you can search for a specific user 
based on the user’s last name. 


With the Users view, if you have First Name Sort or Last Name Sort selected, you can search for a 
complete user name (both first and last name) by using a comma as a delimiter between the names. A 
space after the comma is optional. 


For example, if the Users view displays first names in the first column and last names in the second 
column, you can type John,Smith to go directly to that user name. If the columns were reversed, you 
could use Smith,John. 


To perform a search: 


1 Change to the view you want to search. 
2 Select the first entry in the view. 


3 Type the text to search for. 
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3.5 


As you type text, a text box appears in the lower right corner of the GroupWise View. 
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Performing Administrative Tasks from the GroupWise View 


You can perform many GroupWise administrative tasks from the GroupWise View as well as from 
the eDirectory View. For example, you can: 


+ Create new objects. 
* Modify the properties of an object. 


+ Move, rename, or delete an object from the GroupWise system. 


+ 


Use the GroupWise utilities, system operations, and diagnostic options on the Tools menu. 


In addition, external objects must be created and managed in the GroupWise View because they are, 
by definition, external to eDirectory and have no eDirectory context. For example, if you install the 
GroupWise Internet Agent (GWIA) and want to simplify addressing for your users by adding the 
Internet as a non-GroupWise domain, you must perform the task in the GroupWise View. 
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4.1 


GroupWise System Operations 


The GroupWise system operations in ConsoleOne allow you to perform various tasks to maintain 
and optimize your GroupWise system. The following sections provide information about the system 
operations included on the Tools menu (Tools > GroupWise System Operations): 

+ Section 4.1, “Select Domain,” on page 69 

+ Section 4.2, “System Preferences,” on page 72 

+ Section 4.3, “eDirectory User Synchronization,” on page 79 

+ Section 4.4, “Admin-Defined Fields,” on page 79 

+ Section 4.5, “Pending Operations,” on page 80 

+ Section 4.6, “Addressing Rules,” on page 80 

+ Section 4.7, “Time Zones,” on page 81 

+ Section 4.8, “External System Synchronization,” on page 84 

+ Section 49, “Software Directory Management,” on page 84 

+ Section 4.10, “Restore Area Management,” on page 89 

+ Section 4.11, “Internet Addressing,” on page 89 

+ Section 4.12, “Trusted Applications,” on page 90 

+ Section 4.13, “LDAP Servers,” on page 93 

+ Section 4.14, “Global Signatures,” on page 94 


NOTE: If the majority of the items on the GroupWise System Operations menu are dimmed, you are 
connected to a secondary domain in a GroupWise system where Restrict System Operations to Primary 
Domain has been selected under System Preferences. This option is selected by default. For more 
information, see Section 4.2, “System Preferences,” on page 72. 


Select Domain 


By default, ConsoleOne must be connected to a Group Wise domain in order for you to administer 
your GroupWise system. Being connected to a GroupWise domain ensures that information is 
replicated not only in Novell eDirectory but also in the GroupWise domain and post office databases. 
+ Section 4.1.1, “Selecting a Domain to Connect To,” on page 70 
+ Section 4.1.2, “Understanding the Need for Domain Connections,” on page 71 


+ Section 4.1.3, “Handling Cross-Platform Domain Connections,” on page 71 
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4.1.1 Selecting a Domain to Connect To 


You can be connected to any domain in the GroupWise system. Being connected to a domain means 
that ConsoleOne has write access to the domain database (wpdomain. db). 


As shown inthe following example, the domain to which you are currently connected is indicated by 
a plug on the domain’s icon. In addition, the connected domain is listed at the bottom of the 


ConsoleOne window. 
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To change the domain to which you are connected: 


1 In ConsoleOne, click Tools > GroupWise System Operations > Select Domain. 
GroupWise Administrator 


Domain Path: 


WBDigwsystemiprovo1 S 


Enter a valid path to a domain database and click OK, or click 
Cancel to continue. 


Cancel 


2 Browse to and select the domain directory, then click OK to connect to the domain. 


You can also connect to a domain by right-clicking the domain in the GroupWise View and 
clicking Connect. However, in certain cross-platform situations, the Select Domain feature must 
be used to create the connection. 
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4.1.2 


4.1.3 


Understanding the Need for Domain Connections 


Some administrative tasks reguire you to be connected to a specific domain but others do not. In 
general, operations that create new GroupWise container objects or delete Group Wise container 
objects reguire you to be connected to the domain where the object resides. Operations that add or 
delete leaf objects or modify the properties of an existing object do not reguire you to be connected to 
the object's domain. 


In addition to eDirectory considerations, administrative tasks that reguire file system access to 
domain directories reguire direct connections. 


+ Create Domain: When you create a new domain, you must be attached to the primary domain 
and have direct access to the server where you want to create the new secondary domain so that 
ConsoleOne can create the new secondary domain database. 


+ Rebuild Domain Database: When you rebuild a secondary domain database, ConsoleOne 
needs direct access to the primary domain in order to rebuild the secondary domain database. 


+ Sync Primary with Secondary: If your primary domain becomes out of date for some reason, 
ConsoleOne reguires direct access to the primary domain and a secondary domain in order to 
update the data in the primary domain database based on the data available in the secondary 
domain database. 


+ Replace Primary with Secondary: If you have structural problems with your primary domain 
database, ConsoleOne reguires direct access to the primary domain and a secondary domain in 
order to reconstruct the primary domain database from the data available in the secondary 
domain database. 


+ Merge/Release: If you are combining or separating GroupWise systems, ConsoleOne requires 
direct access to the primary domain and a secondary domain that is being merged or released. 


Handling Cross-Platform Domain Connections 


How the write access between ConsoleOne and a domain database is achieved depends on the 
platform where you are running ConsoleOne and the platform where the domain is located. 


ConsoleOne Domain Platform Connection Options 


Platform 
Linux Linux Server Local directory 
ConsoleOne : or 
Mounted file system where the mount point directory matches the 
domain directory on the mounted file system 
Windows server Mounted file system where the mount point directory matches the 
Windows server hostname and share 
Windows Linux server Samba mount where the path to the domain on the Linux server is 
ConsoleOne prefixed by the Linux server hostname from the point of view of 
ConsoleOne 
Windows server Local drive 


Mapped drive 


Instructions for mounting file systems and setting up Samba shares are provided in Chapter 2, 
“ConsoleOne Administration Tool,” on page 39. 
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The database location is stored internally in UNC path format (\\server\volume\directory) but is 
displayed on the Domain object Identification page in ConsoleOne based on the platform of 
ConsoleOne and the database location. 


ConsoleOne Domain Platform Database Location 


Platform 
Linux Linux Server /domain directory 
ConsoleOne 
Windows server /mnt/windows server/share/domain directory 
Windows Linux Server \\linux server\domain directory 
ConsoleOne 
Windows server \\windows server\share\domain directory 


When you click Connect in the GroupWise View, ConsoleOne uses the domain's UNC path to 
automatically connect you to the correct domain if possible; otherwise, you must use the Select 
Domain feature to manually browse to and select the domain database in order to connect to the 
domain. 


4.2 System Preferences 


You can use the GroupWise system preferences to configure the defaults for various GroupWise 
system settings. 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences. 


GroupWise System Preferences 


Admin Lockout Settings Archive Service Settings 
_ Admin Preferences /| Routing Options | External Access Rights | Nickname Settings 
Set access rights automatically: 
[O When creating a GroupWise user 
When creating or modifying objects, for network ID use: 
( Full Distinguished Name 


© Common Name 


Display Identity Manager (DirXML) warnings 


The GroupWise System Preferences dialog box contains the following tabs: 


+ Admin Preferences: Controls how rights are assigned and what network ID format is used 
when creating new GroupWise users. By default, rights are assigned automatically and the 
fully distinguished name format is used. 


+ Routing Options: Controls default message routing for your GroupWise system. By default, 
no routing domain is assigned. 


+ External Access Rights: Controls the access that users on external GroupWise systems have 
to your GroupWise users’ information. By default, Busy Search and status tracking 
information is not returned to users on external GroupWise systems. 


+ Nickname Settings: Controls how addressing is handled after you move a user from one 
post office to another. By default, nicknames representing old addresses are not 
automatically created when users are moved. 
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+ Default Password: Assigns a default password for new GroupWise user accounts. By 
default, you must manually assign a password for each GroupWise account you create. 


+ Admin Lockout Settings: Controls access to the GroupWise administration functions in 
ConsoleOne. By default, there are no restrictions. 


+ Archive Service Settings: Sets the default archive service for your GroupWise system. 
Archive services are third-party applications that can function as GroupWise trusted 
applications, such as Messaging Architects M+Archive Email Archiving Software (http:// 
www.messagingarchitects.com/products/m-archive-email-archiving.html). When you 
install an archive service to a server, the archive service is added to the list of archive service 
trusted applications that displays in ConsoleOne. 


+ Linux Settings (Linux ConsoleOne Only): Establishes the mount directory where 
ConsoleOne can find mounted file systems where domains and post offices are located. 


2 Changethe system preferences as needed. 
3 Click OK to save the changes. 


4.2.1 Admin Preferences 


1 Inthe GroupWise System Preferences dialog box, click the Admin Preferences tab to modify any 
of the following options: 


GroupWise System Preferences 


Admin Lockout Settings Archive Service Settings 
į Admin Preferences | Routing Options | External Access Rights | Nickname Settings 


Set access rights automatically: 
[C When creating a GroupWise user 


When creating or modifying objects, for network ID use: 
© Full Distinguished Name 


© Common Name 


Display Identity Manager (DirxML) warnings 


Set Access Rights Automatically: Users require specific eDirectory and file system rights in 
order to use GroupWise (see Chapter 89, “GroupWise User Rights,” on page 1141). Select this 
option to automatically grant these rights when creating a GroupWise account for users. 


Appropriate eDirectory object rights enable the GroupWise client to log in to the user’s post 
office without prompting the user for the post office location (IP address, UNC path, or mapped 
drive.) 


Appropriate file system rights enable the GroupWise client to directly access the post office 
directory rather than use client/server access. 


When Creating or Modifying Objects, For Network ID Use: Select Full Distinguished Name (for 
example, paul .engineering.ny) when users’ mailboxes reside on a NetWare server and users 
have an eDirectory connection to the server where the post office resides. 


Starting in GroupWise 2012, NetWare is no longer a supported GroupWise platform. However, 
Novell eDirectory is still required (version 8.7 or later). The supported versions of eDirectory use 
full distinguished names for network IDs. 


Do not select Common Name (for example, paul). 


Display Identity Manager (DirXML) Warnings: The Identity Manager Driver for GroupWise 
provides data integration between GroupWise users and groups in eDirectory. For example, you 
can have an email account automatically created as soon as an employee is hired. The same 
driver can also disable an email account when a user is no longer active. 
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If you are using the Identity Manager Driver for GroupWise, some GroupWise operations that 
you perform in ConsoleOne reguire you to take preliminary actions with the driver. For 
example, if you recover a deleted account, you need to stop the driver before recovering the 
account and restart it after the operation is complete. 


This option enables you to receive a warning message whenever you perform a GroupWise 
operation in ConsoleOne that is affected by the Identity Manager driver. The warning message 
includes instructions about the actions you need to take with the driver before continuing with 
the GroupWise operation. If you are using the Identity Manager Driver for GroupWise, we 
strongly recommend that you enable this option. If you are not using the driver, you can disable 
the option to avoid receiving unnecessary messages. 


For more information, see “GroupWise DirXML Driver for Novell Identity Manager” in the 
GroupWise 2012 Interoperability Guide. 


2 Click OK to save the changes. 


4.2.2 Routing Options 


1 Inthe GroupWise System Preferences dialog box, click the Routing Options tab to modify any of 
the following options: 


GroupWise System Preferences 


Default Password i ut Settings Archive Service Settings 
Admin Preferences |; Routing Options /| External Access Rights | Nickname Settings 


Default Routing Domain: 


w (er 


MTAs send directly to other GroupWise systems 


Default Routing Domain: If a domain’s MTA cannot resolve a message’s address, the message 
is routed to this default domain’s MTA. The default domain’s MTA can then be configured to 
handle the undeliverable messages. This might involve routing the message to another 
GroupWise domain or to an Internet address (by performing a DNS lookup). Browse to and 
select the GroupWise domain you want to use as the default routing domain. 


Force All Messages to this Domain: This option applies only if you select a default routing 
domain. Select this option to force all messages to be routed through the default routing domain 
regardless of the links you have configured for your GroupWise system’s domains. 


MTAs Send Directly to Other GroupWise Systems: Select this option if you want all MTAs in 
your GroupWise system to perform DNS lookups and route messages out across the Internet. If 
you deselect this option, you can designate individual MTAs to perform DNS lookups and route 
messages to the Internet. For more information, see “Using Dynamic Internet Links” in 
“Connecting to Other GroupWise Systems” in the GroupWise 2012 Multi-System Administration 
Guide. 


2 Click OK to save the changes. 


4.2.3 External Access Rights 


1 Inthe GroupWise System Preferences dialog box, click the External Access Rights tab to modify 
any of the following options: 
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4.2.4 


GroupWise System Preferences 


Default Password Admin Locko! i ive Service Settings 
Admin Preferences | Routing Options |! External Access Rights fl Nickname Settings 


Allow external busy search 


Allow external status tracking 


Allow External Busy Search: Select this option to enable users in other GroupWise systems to 
perform Busy Searches on your GroupWise users’ Calendars. 


Allow External Status Tracking: Select this option to enable users in other GroupWise systems 
to receive message status information (such as whether a message has been delivered, opened, 
and so on) when messages arrive in your GroupWise system. 


2 Click OK to save the changes. 


Nickname Settings 


A nickname is an additional GroupWise address that can be associated with a user, resource, or 
distribution list. For background information, see Section 14.7.4, “Creating a Nickname for a User,” 
on page 252. 


1 Inthe GroupWise System Preferences dialog box, click the Nickname Settings tab to modify any 
of the following options: 


GroupWise System Preferences 


Default Password Admin Lockout Settings Archive Service Settings | 
Admin Preferences | Routing Options | External Access Rights |; Nickname Settings | 


| Auto-create on User Move 
© Never 
O Always 
© Prompt 


Auto-Create on User Move: Whenever you move a user, GroupWise can automatically create a 
nickname with the user’s old post office. This enables messages sent to the old address to be 
automatically forwarded to the user’s new address. Select whether or not you want GroupWise 
to never create nicknames, always create nicknames, or prompt you during the move process. 


Expire After: This option applies only if you selected Always or Prompt. If you want the 
nickname to be automatically removed after a period of time, specify the time period (in days). 
Valid values range from 1 to 365 days. A setting of 0 indicates that the nickname will not be 
automatically removed. 


2 Click OK to save the changes. 
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4.2.5 Default Password 


1 Inthe GroupWise System Preferences dialog box, click the Default Password tab to modify any of 
the following options: 


GroupWise System Preferences 


outing Options | External Access Rights | Nickname Settings 
į _ Default Password | Admin Lockout Settings Archive Service Settings 


Default password for new users: 


Default Password for New Users: Specify the default password you want assigned to new 
GroupWise user accounts. 


2 Click OK to save the changes. 


4.2.6 Admin Lockout Settings 


1 Inthe GroupWise System Preferences dialog box, click the Admin Lockout Settings tab to modify 
any of the following options: 


GroupWise System Preferences 


Admin Preferences j ss Rights | Nickname Settings 
Default Password | Admin Lockout Settings || Archive Service Settings 


v] Restrict System Operations to Primary Domain 


Lock Out Older GroupWise Administration Snapins 


Minimum Snapin Release Version (x.x.x): 


Minimum Snapin Release Date: 


© 


_ CCS) 


Restrict System Operations to Primary Domain: Disable this option to allow an administrator 
to perform system operations (Tools > GroupWise System Operations) when he or she is not 
connected to the primary domain. This option is enabled by default, which means that all 
operations except Select Domain, Pending Operations, Software Directory Management, and Restore 
Area Management are unavailable when connected to a secondary domain. 


Lock Out Older GroupWise Administration Snap-Ins: Enable this option to prevent 
administrators from using older GroupWise ConsoleOne snap-ins for accessing GroupWise 
objects in eDirectory. You can override these system lockout settings for individual domains 
(Domain object > GroupWise > Admin Lockout Settings). 


In versions of GroupWise earlier than 2012, there are four GroupWise snap-ins to ConsoleOne, 
one for general administration, one for Internet Agent (GWIA) administration, and two for 
WebAccess administration. In GroupWise 2012, WebAccess configuration information is no 
longer stored in eDirectory, so no WebAccess eDirectory objects are needed. The ability to lock 
out older GroupWise snap-ins starts with GroupWise 6.5. 


In the Minimum Snap-In Release Version (x.x.x) field, specify the version number of the oldest 
GroupWise snap-ins that can be used to administer your GroupWise system. 
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In the Minimum Snap-in Release Date field, select the date of the oldest GroupWise snap-ins that 
can be used to administer your GroupWise system. 


You can specify the minimum version, the minimum date, or both. If you specify both 
minimums, any administrator using snap-ins that are older than both minimums cannot use the 
GroupWise snap-ins. However, such an administrator can still run ConsoleOne for other 
purposes but must update the GroupWise snap-ins before GroupWise administration features 
are available again. Default admin lockout settings can be overridden on individual domains as 
needed. 


The date for GroupWise 2012 is January 17, 2012. 


IMPORTANT: The specified release version and release date affect the Identity Manager 
GroupWise Driver as well as the ConsoleOne snap-ins. If you are using Identity Manager with 
GroupWise, do not specify a release version or date that is newer than the release version and 
date of the Identity Manager GroupWise Driver that you are running. 


2 Click OK to save the changes. 


Archive Service Settings 


When you use a message retention service with Group Wise, as described in Chapter 33, “Retaining 
User Messages,” on page 441, you have the option of associating an archive service with the message 
retention service. The message retention service and its associated archive service must be set up as a 
GroupWise trusted application, as described in Section 4.12, “Trusted Applications,” on page 90. 
Different archive services provide differing storage alternatives (memory, disk, or tape, for example) 
and differing alternatives for speed and cost. You can configure multiple archive services for your 
GroupWise system. 


+ “Selecting the System Default Archive Service” on page 77 
+ “Overriding the System Default Archive Service” on page 78 


Selecting the System Default Archive Service 


1 Inthe GroupWise System Preferences dialog box, click the Archive Service Settings tab to select 
the system default archive service for your Group Wise system. 


GroupWise System Preferences 


Admin Preferences | Routing Options | External Acc 
Default Password | _ Admin Lockout Settings ||. Arche Service Settings 


Archive Service Trusted Applications: 
<None> v 


Archive Service Trusted Applications: Lists the third-party archive services that are available to 
your GroupWise system as trusted applications. 


Select the archive service that you want to use as the default for your GroupWise system. You 
can override the system default on individual post offices. 


2 Click OK to save your selection. 
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Overriding the System Default Archive Service 


1 Browse to and right-click the Post Office object where you want to override the default, then 


click Properties 


2 Click GroupWise > Post Office Settings. 
3 Inthe Default Archive Service Trusted Application field, select Override. 
4 Selectthe archive service for that post office, then click OK. 


4.2.8 Linux Settings (Linux ConsoleOne Only) 


1 Inthe GroupWise System Preferences dialog box, on Linux, click the Linux Settings tab to specify 


the mount directory. 


GroupWise System Preferences x 


Archive Service Settings | Linux Settings | 


Default Password T Admin Lockout Settings 
External Access Rights Nickname Settings 
Admin Preferences | Routing Options 


Linux Mount Directory: 
{mnt =) 


Enter a valid path to the mount directory and click OK, or click 
Cancel to continue 


OK | Cancel | Help 


Mount Directory: Specify the mount directory where ConsoleOne can find mounted file 
systems where domains and post offices are located. 


GroupWise databases can be located on Linux servers or Windows servers. In the Linux mount 
directory, you create directories that have the same names as the servers that are mounted to 
those mount points. You do this for each server where a domain or post office is located that you 
want to access from ConsoleOne. The following table illustrates the correspondence between 
UNC paths and mount point directories for GroupWise database locations on Linux and 
Windows, assuming the typical mount point directory of /mnt: 


Platform GroupWise Domain UNC Path Corresponding Linux 
Mount Point 


Linux \\linux server\gw partition\domain directory /mnt/linux server/ 
gw partition 


Windows \\windows server\gw share\domain directory /mnt/windows server/ 
gw share 


GroupWise administrators can have different mount points depending on the workstation or 
server where they are running ConsoleOne. The mount directory information is stored in a user- 
specific preferences file (.consoleone/SnapinPrefs.ser in each GroupWise administrator’s 
home directory). 


2 Click OK to save the changes. 
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eDirectory User Synchronization 


For user information to be displayed in the GroupWise Address Book, the information must be 
stored not only in eDirectory but also in the GroupWise domain and post office databases. If you add 
or modify user information using an installation of ConsoleOne with the Group Wise Administrator 
snap-in, the GroupWise Administrator snap-in adds the user information to the GroupWise 
databases. However, if you add or modify user information using a ConsoleOne installation that is 
not running the GroupWise Administrator snap-in, the user information is not changed in the 
GroupWise databases. This is also true if you add or modify user information using Novell iManager 
or older administration tools such as NetWare Administrator to manage a legacy GroupWise 
domain. 


To ensure that the user information stored in the GroupWise databases is always synchronized with 
the user information in eDirectory, you can set up eDirectory user synchronization. For detailed 
information see Section 42.4.1, “Using eDirectory User Synchronization,” on page 652. 


Admin-Defined Fields 


eDirectory includes user information that is not associated to GroupWise user fields. By default, such 
eDirectory fields are not displayed in the GroupWise Address Book. However, you can use the 
Admin-Defined Fields feature to map eDirectory user fields to GroupWise fields so that they can be 
displayed in the GroupWise Address Book. 


1 Click Tools > System Operations > Admin-Defined Fields. 


Administrator-Defined Fields 


Current Field Mappings: 

GroupWise Field eDirectory Property 
E Defined 1 <unused> 
[admin Defined 2 <unused> 
Admin Defined 3 <unused> 
Admin Defined 4 <unused> 
{Admin Defined 5 <unused> 


Admin Defined 6 <unused> 


{Admin Defined 7 <unused> 
|Admin Defined 8 <unused> (tee ) 
Admin Defined 9 <unused> 
|Admin Defined 10 <unused> 
‘Admin Defined 11 <unused> 
{Admin Defined 12 <unused> 
Admin Defined 13 <unused> 
[Admin Defined 14 <unused> 
(Admin Defined 15 <unused> 
Admin Defined 16 <unused> 
|Admin Defined 17 <unused> 


Admin Defined 18 <unused> 


Admin Defined 19 <unused> 


eDirectory fields that you associate with GroupWise fields here are available for use in all 
domains throughout your GroupWise system. You can also customize the GroupWise Address 
Book for individual domains, as described in Section 6.1.1, “Adding eDirectory Fields to the 
Address Book,” on page 106 


2 Select the first available admin-defined field, then click Edit. 


3 Select the eDirectory property that you want to associated with the admin-defined field, then 
click OK. 


4 To remove an admin-defined field, select the field, then click Clear. 


You are prompted for whether to remove the corresponding values from user records. This 
might be a time-consuming process. 
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5 Click Yes to cleanup all obsolete references to deleted admin-defined fields in all user records. 
Or 
Click No to perform the cleanup later. 


At any time, you can click Cleanup to remove obsolete references to deleted admin-defined fields 
from all user records. It is a good practice to run Cleanup periodically to ensure that the admin- 
defined fields in ConsoleOne match the admin-defined fields that appear in user records. 


45 Pending Operations 


Pending operations are the results of administrative operations, such as adding GroupWise objects 
and modifying GroupWise object properties, that have not yet been permanently written to the 
appropriate GroupWise databases. While operations are pending, GroupWise data is not ina 
consistent state. 


For example, you can maintain any domain’s objects you have administrative rights over. However, 
because a secondary domain owns its own objects, any operation you perform from the primary 
domain on a secondary domain’s objects must be validated by the secondary domain. While the 
operation is being validated, the Pending Operations dialog box displays object details and the 
pending operation. 


While the operation is pending, the object is marked Unsafe in the primary domain database. The 
Operation field in the dialog box displays the pending operation. An unsafe object can have other 
operations performed on it, such as being added to a distribution list; however, the object record is 
not distributed to other domains and post offices in the system until it is marked Safe. 


All pending operations require confirmation that the operation was either successfully performed or 
could not be performed. If the operation was successful, the pending operation is removed from the 
list, the record is marked in the database as Safe, and the record is distributed to all other domains 
and post offices in your system. If the operation could not be performed, the pending operation 
remains in the list where you can monitor and manage it. 


1 In ConsoleOne, connect to the domain whose pending operations you want to view, as described 
in Section 4.1, “Select Domain,” on page 69. 


2 Make sure the agents are running for the domain and/or post office where you are checking for 
pending operations 


3 Click Tools > GroupWise System Operations > Pending Operations. 


While an operation is being validated, the Pending Operations dialog box displays the object 
and the operation waiting completion and confirmation. 


4 For more detailed information, select the pending operation, then click View. 


5 If conditions on the network have changed so that a pending operation might now succeed, 
select the pending operation, then click Retry. 


6 If you want to cancel a pending operating that has not yet taken place, select the pending 
operation, then click Undo. 


4.6 Addressing Rules 


You can use the Addressing Rules feature to configure GroupWise so that users can enter shortened 
forms of email addresses for use through GroupWise gateways. 
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NOTE: Group Wise gateways are legacy products that are not supported with the current GroupWise 
version. 


4.7 Time Zones 


When you create a domain or post office, you select the time zone in which it is located. This ensures 
that GroupWise users in other time zones receive Calendar events and tracking information adjusted 
for local time. 


The time zone list includes predefined definitions for each time zone. Most time zones include 
multiple definitions to account for different locations within the time zone. Each time zone definition 
allows you to specify the Daylight Saving Time dates and bias (1 hour, 30 minutes, etc.). 


You can modify existing time zone definitions, add new definitions, or delete definitions. 


+ Section 4.7.1, “Modifying a Time Zone Definition,” on page 81 
+ Section 4.7.2, “Adding a Time Zone Definition,” on page 82 


+ Section 4.7.3, “Deleting a Time Zone Definition,” on page 83 


4.7.1 Modifying a Time Zone Definition 


1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 


Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

(GMT) Greenwich Mean Time; Dublin, Edinburgh, Lisbon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 


Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 AM 
End Date/Time: Last Sunday of October at 3:00 AM 


2 Selectthe time zone to modify, then click Edit to display the Edit Time Zone dialog box. 


Edit Time Zone 


Time Zone Name: (GMT-05:00) (Eastern Time (US & Canada)| Ol 
Offset from GMT: -5 s hours 0 (SI minutes 
Abbreviation: [EST ] 


Observe Daylight Savings Time 


Start Day: Second | |Sunday x| of |March w| at [2:00AM 


Last Day: First w| (Sunday {| of |November v| at [2:ooam | 


Bias: 1 JR) hours 0 $ minutes 


3 Modify any of the following fields: 
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Time Zone Name: Provide a name for the time zone definition (for example, some of the major 
cities in the time zone). We suggest you include a reference (+ or -) to GMT, for example (GMT- 
07:00). The time zone list is sorted by the GMT offset. 


Offset from GMT: Specify the hours and minutes that the time zone is offset from Greenwich 
Mean Time. The offset from GMT keeps your different locations synchronized. For example, if a 
conference call is scheduled for 4:00 p.m. June 1 in Salt Lake City, the call would appear on a 
schedule in Adelaide at 8:30 a.m. June 2. If you are in the western hemisphere (west of the 
Greenwich Meridian and east of the International Date Line) be sure the hour offset is negative (- 
). If you are in the eastern hemisphere (east of the Greenwich meridian and west of the 
International Date Line) be sure the hour offset is positive. 

Abbreviation: Specify an abbreviation for the time zone. For example, the abbreviation for 
Atlantic Standard Time could be AST; the abbreviation for Atlantic Daylight Time could be 
ADT. 


Observe Daylight Saving Time: If the time zone observes daylight saving time, click the 
Observe Daylight Saving Time box, then fill out the remaining fields. 


Start Day: Select the week, day, month, and hour daylight saving time starts. 

Last Day: Select the week, day, month, and hour daylight saving time ends. 

Bias: Enter the number of hours and minutes that the clock changes at the daylight saving time 
start day, such as 1 hour or 1 hour 30 minutes. 

Example: 

Start day: Second Sunday of March at 2:00 am. 


Last day: First Sunday of November at 2:00 am. 
Bias: 1 hour 0 minutes 


4 Click OK to save the changes. 


4.7.2 Adding a Time Zone Definition 
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1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 


Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

GMT) Greenwich Mean Time; Dublin, Edinburgh, Lisbon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 


Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 AM 
End Date/Time: Last Sunday of October at 3:00 AM 


2 Click Add to display the Add Time Zone dialog box. 
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Time Zone Name: (GMT) | 


Offset from GMT: 0 + hours 0 4 minutes 
Abbreviation: 


I” Observe Daylight Savings Time 


Start Day: {First 


Sunday 2) ot [April 


X 


X 


Last Day: |Last Sunday xj of {October 


Bias: 1 i hours 0 + minutes 


3 Fill in the following fields: 


Time Zone Name: Provide a name for the time zone definition (for example, some of the major 
cities in the time zone). We suggest you include a reference (+ or -) to GMT, for example (GMT- 
07:00). The time zone list is sorted by the GMT offset. 


Offset from GMT: Specify the hours and minutes that the time zone is offset from Greenwich 
Mean Time. The offset from GMT keeps your different locations synchronized. For example, if a 
conference call is scheduled for 4:00 p.m. June 1 in Salt Lake City, the call would appear on a 
schedule in Adelaide at 8:30 a.m. June 2. If you are in the western hemisphere (west of the 
Greenwich Meridian and east of the International Date Line) be sure the hour offset is negative (- 
). If you are in the eastern hemisphere (east of the Greenwich meridian and west of the 
International Date Line) be sure the hour offset is positive. 


Abbreviation: Specify an abbreviation for the time zone. For example, the abbreviation for 
Atlantic Standard Time could be AST; the abbreviation for Atlantic Daylight Time could be 
ADT. 


Observe Daylight Saving Time: If the time zone observes daylight saving time, click the 
Observe Daylight Saving Time box, then fill out the remaining fields: 


¢ Start Day: Select the day and time that daylight saving time starts. 
+ Last Day: Select the day and time that daylight saving time ends. 


¢ Bias: Select the number of hours and minutes that the clock changes at the daylight saving 
time start day, such as1 hour or 1 hour 30 minutes. 


4 Click OK to add the definition to the time zone list. 


4.7.3 Deleting a Time Zone Definition 


When you delete a time zone from the list, you can no longer select it for a domain or post office. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Time Zones. 
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Configure Time Zones 


Time Zones: 

(GMT) Casablanca, Monrovia 

GMT) Greenwich Mean Time, Dublin, Edinburgh, Lishon, London 
(GMT+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna 
(GMT+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague 
(GMT+01:00) Brussels, Copenhagen, Madrid, Paris, Vilnius 
(GMT+01:00) Sarajevo, Skopje, Sofija, Warsaw, Zagreb 
(GMT+02:00) Athens, Istanbul, Minsk 

(GMT+02:00) Bucharest 

(GMT+02:00) Cairo 

(GMT+02:00) Harare, Pretoria 

(GMT+02:00) Helsinki, Riga, Tallinn 

(GMT+02:00) Israel 


Daylight Saving Time 


Start Date/Time: Last Sunday of March at 2:00 AM 
End Date/Time: Last Sunday of October at 3:00 AM 


2 Select the time zone to remove from the list, click Delete, then click Yes to confirm the deletion. 


External System Synchronization 


The External System Synchronization feature lets you automatically synchronize information 
between your system and an external GroupWise system connected to your system. For information 
about connecting GroupWise systems and keeping information synchronized between them, see 
“Connecting to Other GroupWise Systems” in the GroupWise 2012 Multi-System Administration Guide. 


Software Directory Management 


The Software Directory Management feature lets you manage GroupWise software distribution 
directories. A software distribution directory is simply a copy or partial copy of the downloaded 
GroupWise 2012 software image located on a network server. Diagrams of the contents of software 
distribution directories are provided in “Directory Structure Diagrams” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure: 


* “Linux Software Distribution Directory” 
+ “Windows Software Distribution Directory” 
From this network location, you can distribute the GroupWise Windows client software to users or 


install additional GroupWise software such as the Message Transfer Agent, Post Office Agent, 
Internet Agent, WebAccess Application, Calendar Publishing Host Application, and Monitor. 


When you install GroupWise, one software distribution directory is created automatically. Using 
Software Directory Management, you can create additional software distribution directories, update 
existing software distribution directories, or delete existing software distribution directories. A single 
software distribution directory can service multiple post offices and can contain software for multiple 
platforms. 


+ Section 4.9.1, “Creating a Software Distribution Directory,” on page 85 
+ Section 4.9.2, “Updating a Software Distribution Directory,” on page 87 
+ Section 4.9.3, “Deleting a Software Distribution Directory,” on page 88 
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Creating a Software Distribution Directory 


During installation on a Linux server, the initial software installation directory is created 
automatically in /opt /novell/groupwise/software and the GroupWise agent software is 
automatically copied there. You can select additional GroupWise software components to copy into 
the initial software distribution directory. 


During installation on a Windows server, the default location for the software distribution directory 
is c:\grpwise\software, but you can change the location as needed. You can select any GroupWise 


software components to copy into the initial software distribution directory. 


After installation, you can create additional software distribution directories on any servers where 
you want the GroupWise software to be easily accessible for future installations. 


IMPORTANT: In general, for simplicity of administration in a multiple-platform environment, use 
Linux ConsoleOne to create and maintain software distribution directories on Linux servers. Use 


Windows ConsoleOne to create and maintain software distribution directories on Windows servers. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Software Directory Management to 
display the Software Distribution Directory Management dialog box. 


Software Distribution Directory Management E x| 


Software Distribution Directories: 
Name | UNC Path | 
Corporate OES tijbd-oestoptinovelligroupwiseisoftware Create 


Corporate Windows  \\jbd-winicigrpwiselsoftware 


The Software Distribution Directories list includes all software distribution directories defined in 
your GroupWise system. 


2 Click Create to display the Create Software Distribution Directory dialog box. 


Create Software Distribution Directory. E 


E On 
Description: _Sancel_| 


PO Help 


Location 
UNC Path: 
OOO e 


AppleTalk Path (optional): 


il. 


Linux Path (optional); 


F Copy software From: 


Distribution Directory; 
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3 Fillinthe following fields: 


Name: Specify a name to identify the software distribution directory within your GroupWise 
system. For example, whenever you create a post office, you associate it with a software 
distribution directory. The software distribution directory's name, not its location, appears in the 
list of directories from which you can select. The name can include any characters; there are no 
restrictions. 


Description: Specify an optional description for the software distribution directory. You might 
want to use this description to indicate the software version or to give other pertinent 
information. 


Location: Specify the location where you want to create the new software distribution directory. 
If you specify a path to a directory that does not exist, ConsoleOne creates the directory for you. 


Linux In the UNC Path field, specify the location where you want to create the new software 

ConsoleOne: distribution directory in UNC path format. Linux ConsoleOne automatically converts the 
UNC path format into a Linux path from the point of view where you are running 
ConsoleOne 


The GroupWise Windows client software can be distributed from a Linux server rather 
than a Windows server, if the required cross-platform connection as been established, as 
described in Section 77.1, “Using GroupWise AutoUpdate and SetuplP to Distribute the 
GroupWise Windows Client,” on page 1069. However, you must use Windows 
ConsoleOne in order to specify the UNC path as reguired to access the Windows client 
software, because Linux ConsoleOne converts the UNC path into a Linux path, which 
makes the Windows client software inaccessible from the point of view of Windows. 


The AutoUpdate functionality does not apply to the GroupWise Linux client. 


GroupWise Linux administration, agents, and applications can be installed on new Linux 
servers after the software has been distributed to those servers. 


In the Linux Path field, specify the location of the software distribution directory as a 
Linux path from the point of view of the Linux POA that needs to access it. This is 
reguired when the software distribution directory is on a Linux Server. 


Windows In the UNC Path field, specify the location where you want to create the new software 
ConsoleOne: distribution directory in UNC path format. Do not use mapped drive format. 


If you enable AutoUpdate, as described in Section 77.1, “Using GroupWise AutoUpdate 
and SetuplP to Distribute the GroupWise Windows Client,” on page 1069, the 
GroupWise Windows client checks this location for software updates. 


IMPORTANT: If the Windows client software is located in a software distribution directory 
on a Linux Server, you must use Windows ConsoleOne in order to specify the UNC path 
to access the Windows client software. Linux ConsoleOne converts the UNC path into a 
Linux path, which makes the Windows client software inaccessible from the point of view 
of Windows. 


GroupWise Windows administration, agents, and applications can be installed on new 
Windows servers after the software has been distributed to those servers. 


Copy Software From: Select this option to copy GroupWise software from the existing location 
to the new location, then choose from the following source locations: 


+ Software Distribution Directory: If you want to copy software from an existing software 
distribution directory, select this option, then select the software distribution directory. All 
directories are copied. 


¢ Path: If you want to copy software from a location that is not defined as a software 
distribution directory in your Group Wise system, such as the downloaded GroupWise 2012 
software image, select this option, then browse to and select the correct path. 
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4 Click OK to create the software distribution directory and add it to the list. 


\\jbd-oes\opt\novell\groupwise\software 


\\ibd-Inx\opt\novell\groupwise\software 
Corporate Windows — \\jbd-win\c\grpwise\software 


5 Click Close to exit the dialog box. 


Each time it starts, the POA checks to make sure it can access the software distribution directory that 
is assigned to its post office. If it encounters a problem accessing its software distribution directory, 
the POA notifies you of the problem through the POA agent console and the POA log file. This helps 
ensure that each software distribution directory is always available. 


Updating a Software Distribution Directory 


When you install updated GroupWise software, the installation process includes updating one 
software distribution directory. After installation, you use the Software Directory Management 
feature to copy the updated software to all other software distribution directories in your GroupWise 
system. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Software Directory Management to 
display the Software Distribution Directory Management dialog box. 


Software Distribution Directory Management x| 
Software Distribution Directories: dose | 
[nome | UNC Path 

Edit 
Update 


‘Corporate OES \\jbd-oes\opt\novell\groupwise\software 
Corporate SLES \\ibd-Inx\opt\novell\groupwise|software | 


Corporate Windows — \\jbd-win\c\grpwise|software 


Delete | 


Help 


The Software Distribution Directories list includes all software distribution directories defined in 
your GroupWise system. 


2 Select the software distribution directory to update, then click Update to display the Update 
Software Distribution Directory dialog box. 
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| Force auto-update check by GroupWise components 


3 Fill in the following fields: 


Update by Copying From: Select this option, then choose from the following source locations: 


+ Software Distribution Directory: If you want to copy updated software from an existing 
software distribution directory, select this option, then select the software distribution 
directory. All files and subdirectories are copied. 


¢ Path: If you want to copy updated software from a location that is not defined as a software 
distribution directory in your GroupWise system, such as the downloaded GroupWise 2012 
software image, select this option, then browse for and select the correct path. 


Force Auto-Update Check by GroupWise Components: This option causes the GroupWise Post 
Office Agent to check the software distribution directory for a new version of the GroupWise 
Windows client. If a new version is found, the next time a user starts the GroupWise Windows 
client, he or she is prompted to update the client software. 


Select this option to automatically inform users whenever updated software is available. 


Even if you do not select the Update by Copying From option, you can still select this option, then 
click OK. This forces an auto-update check of the client software version, but the software 
distribution directory’s files are not updated. 


To determine the current client software version in ConsoleOne, click Tools > GroupWise 
Diagnostics > Record Enumerations to display a list of record types in the domain database. From 
the drop-down list, select Areas by ID, select a software distribution directory, then click Info to 
list detailed information about the software distribution directory. Look at the Software Version 
field to determine the GroupWise client software version. 


4 Click OK to update the directory’s software. 


Deleting a Software Distribution Directory 


When you delete a software distribution directory, the directory is removed from the file system and 
no longer appears in the list of software distribution directories. You cannot delete a software 
distribution directory if any post offices are still configured to access it. 


To delete a software distribution directory: 


1 In ConsoleOne, click Tools > GroupWise System Operations > Software Directory Management to 


display the Software Distribution Directory Management dialog box. 
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Software Distribution Directories: 


Name UNC Path 
Corporate OES \\jbd-oes\opt\novell\groupwise\software 


Corporate SLES \\ibd-Inx\opt\novell\groupwise|software 
Corporate Windows — \\jbd-win\c\grpwise|software 


The Software Distribution Directories list includes all software distribution directories defined in 


your GroupWise system. 


2 Select the directory to delete, click Delete, then click Yes to confirm the deletion. 


Restore Area Management 


A restore area is a location you designate to hold a backup copy of a post office so that you or 
GroupWise users can access it to retrieve mailbox items that are unavailable in your live GroupWise 


system. The Restore Area Management feature lets you manage your GroupWise system's restore 


areas. 


Detailed information for using restore areas is provided in Section 32.5, “Restoring Deleted Mailbox 
Items,” on page 435. Information about backing up post offices is provided in Section 31.2, “Backing 


Up a Post Office,” on page 431. 


Internet Addressing 


By default, GroupWise uses a proprietary address format consisting of a user’s ID, post office, and 


domain (userID.post_office.domain). After you install the GroupWise Internet Agent (GWIA), you can 


configure your GroupWise system to handle one or more formats of Internet email addresses. For 


setup instructions, see Chapter 52, “Configuring Internet Addressing,” on page 743. 
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4.12 Trusted Applications 


Trusted applications are third-party programs that can log into Post Office Agents (POAs) and 
Internet Agents (GWIAs) in order to access GroupWise mailboxes without needing personal user 
passwords. Trusted applications might perform such services as message retention or 
synchronization with mobile devices. The Trusted Application feature allows you to edit and delete 
trusted applications that are available in your GroupWise system. 


For information about creating and installing trusted applications, search for GroupWise Trusted 
Application API at the Novell Developer Kit Web site (http://developer.novell.com/wiki/index.php/ 
Category:Novell_Developer_Kit). For security guidelines for managing trusted applications, see 
Section 93.6, “Protecting Trusted Applications,” on page 1154 

+ Section 4.12.1, “Creating a Trusted Application and Key,” on page 90 

+ Section 4.12.2, “Editing a Trusted Application,” on page 92 


+ Section 4.12.3, “Deleting a Trusted Application,” on page 93 


4.12.1 Creating a Trusted Application and Key 


A trusted application key allows a third-party program to authenticate to the POA or the GWIA and 
obtain GroupWise information that would otherwise be available only by logging in to GroupWise 
mailboxes. You can create a trusted application and its associated key in ConsoleOne for use with 
both Linux and Windows trusted applications. 


1 Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted 
Applications dialog box. 


Configure Trusted Applications 


Trusted Applications: 


IntellisyncMobileSuite = 


2 Click Create. 


Edit Trusted Application 


Name: 


Description: 


TCP/IP Address: 


Reguires SSL 


Provides Message Retention Service 


Location for key file: 
Name of key file: 
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3 Fillinthe following fields as needed for your trusted application: 
Name: Specify the name of the trusted application as you want it to be listed in ConsoleOne. 
Description: Specify a description for the trusted application. 


TCP/IP Address: If you want to restrict the location from which the trusted application can run, 
specify the IP address of the server from which the application can run. To do so, click the Edit 
(pencil) button, then specify the IP address or DNS hostname of the trusted application’s server. 


If you want to allow the trusted application to be run from any server, do not specify an IP 
address or DNS hostname. 


IMPORTANT: If you are creating the trusted application for use with the Data Synchronizer 
Connector for GroupWise, as described in “GroupWise Trusted Application” in “Mobility Pack 
Installation” in the Mobility Pack Installation Guide, do not specify an IP address or DNS 
hostname. 


Requires SSL: Select this option to require a secure (SSL) connection between the trusted 
application and POAs and GWIAs. 


Provides Message Retention Service: Select this option if the purpose of the trusted application 
is to retain GroupWise user messages by copying them from GroupWise mailboxes into another 
storage medium. 


Turning on this option defines the trusted application as a Message Retention Service 
application. However, in order for GroupWise mailboxes to support message retention, you 
must also turn on the Enable Message Retention Service option in GroupWise Client Options (Tools 
> GroupWise Utilities > Client Options > Environment > Retention). You can enable individual 
mailboxes, all mailboxes in a post office, or all mailboxes in a domain by selecting the 
appropriate object (User, Post Office, or Domain) before selecting Client Options. For more 
information, see Chapter 76, “Setting Defaults for the GroupWise Client Options,” on page 1025. 


For information about the complete process required to use a trusted application for message 
retention, see Chapter 33, “Retaining User Messages,” on page 441. 


Allow Access to Archive Service: Select this option if your message retention service interacts 
with an archive service. Different archive services provide differing storage alternatives 
(memory, disk, or tape, for example) and differing alternatives for speed and cost. You can 
configure multiple archive services for your GroupWise system. 


For more information about configuring GroupWise to work with an archive service, see 
Section 4.2.7, “Archive Service Settings,” on page 77. 


Archive Service Address: If the trusted application for the message retention service uses the 
GroupWise Stubbing API (http://developer.novell.com/wiki/index.php/GroupWise_Stubbing), 
specify the IP address or DNS hostname of the server where the archive service is running. This 
allows the POA to interact directly with the archive service in support of the message retention 
service. The advantage to this configuration is that the archive service can be behind the firewall 
along with the POA. If retrieval is required, the POA accesses the archive service and provides 
the retrieved data to the GroupWise client. 


If the message retention trusted application does not use the GroupWise Stubbing API, do not 
specify an IP address or DNS hostname. Without the Stubbing API, the trusted application 
communicates with the POA to create stubs for archived messages. The stubs contain the URLs 
for the archived messages. When a GroupWise user clicks the stub for an archived message, the 
GroupWise client accesses the URL to retrieve the archived message. 


Archive Service Requires SSL: Select this option if you want to use a secure connection 
between the message retention service and the archive service. 


Location for Key File: Browse to and select the directory where you want to create the trusted 
application key file. 
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Name of Key File: Specify the name of the trusted application key file to create. The third-party 
program must be designed to successfully access the trusted application key file where you 
create it. 


4 Click OK to save the trusted application configuration information. 


For information about how the POA handles trusted application processing of message files, see 
Section 36.3.6, “Configuring Trusted Application Support,” on page 517. 


4.12.2 Editing a Trusted Application 


92 


You can edit a trusted application’s description, IP address, port, and SSL settings. 


1 Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted 
Applications dialog box. 


Configure Trusted Applications 


Trusted Applications: 


TntellisyncMobileSuite ET 


Edit Trusted Application 


Name: IntellisyncMobileSuite 


Description: intellisync Mobile Suite for GroupWise 


TCP/IP Address: 


Requires SSL 


Provides Message Retention Service 


{ OK Cancel Help 


3 Modify the following fields as needed for your trusted application: 
Name: This field displays the trusted application’s name. You cannot change the name. 
Description: Specify a description for the trusted application. 


TCP/IP Address: If you want to restrict the location from which the trusted application can run, 
specify the IP address of the server from which the application can run. To do so, click the Edit 
(pencil) button, then specify the IP address or DNS hostname of the trusted application’s server. 


If you want to allow the trusted application to be run from any server, do not specify an IP 
address or DNS hostname. 


Requires SSL: Select this option to require a secure (SSL) connection between the trusted 
application and POAs and GWIAs. 
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Provides Message Retention Service: Select this option if the purpose of the trusted application 
is to retain GroupWise user messages by copying them from GroupWise mailboxes into another 
storage medium. 


Turning on this option defines the trusted application as a Message Retention Service 
application. However, in order for GroupWise mailboxes to support message retention, you 
must also turn on the Enable Message Retention Service option in GroupWise Client Options (Tools 
> GroupWise Utilities > Client Options > Environment > Retention). You can enable individual 
mailboxes, all mailboxes in a post office, or all mailboxes in a domain by selecting the 
appropriate object (User, Post Office, or Domain) before selecting Client Options. For more 
information, see Chapter 76, “Setting Defaults for the GroupWise Client Options,” on page 1025. 


For information about the complete process required to use a trusted application for message 
retention, see Chapter 33, “Retaining User Messages,” on page 441. 


Allow Access to Archive Service: Select this option if you have also installed an archive service, 
as described in Section 4.2.7, “Archive Service Settings,” on page 77. Specify the IP address or 
DNS hostname of the server where the archive service is running. Select Archive Service Requires 
SSL if you want to use a secure connection between the message retention service and the 
archive service. 


4 Click OK to save the trusted application configuration information. 


For information about how the POA handles trusted application processing of message files, see 
Section 36.3.6, “Configuring Trusted Application Support,” on page 517. 


4.12.3 Deleting a Trusted Application 


1 Click Tools > GroupWise System Operations > Trusted Applications to display the Configure Trusted 
Applications dialog box. 


Configure Trusted Applications 


Trusted Applications: 


IntellisyncMobileSuite 


2 Inthe Trusted Applications list, select the application you want to delete, click Delete, then click Yes 
to confirm the deletion. 


4.13 LDAP Servers 


The LDAP Servers feature lets you define the LDAP servers you want to use for LDAP authentication 
to GroupWise mailboxes. For setup instructions, see “Providing LDAP Authentication for 
GroupWise Users” on page 510. 
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4.14 Global Signatures 


You can build a list of globally available signatures that can be automatically appended to messages 
sent by GroupWise client users. The global signature is appended to messages after any personal 
signatures that users create for themselves. For setup instructions, see Section 14.3, “Adding a Global 


Signature to Users’ Messages,” on page 231. 
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9.1 


GroupWise Utilities 


The GroupWise utilities in ConsoleOne are used to perform various maintenance and configuration 
tasks for your GroupWise system. The following sections provide information about the system 
utilities included on the Tools menu (Tools > GroupWise System Utilities): 

+ Section 5.1, “Mailbox/Library Maintenance,” on page 95 

+ Section 5.2, “System Maintenance,” on page 96 

+ Section 5.3, “Backup/Restore Mailbox,” on page 96 

+ Section 5.4, “Recover Deleted Account,” on page 96 

+ Section 5.5, “Client Options,” on page 96 

+ Section 5.6, “Expired Records,” on page 96 

+ Section 5.7, “Email Address Lookup,” on page 96 

+ Section 5.8, “Synchronize,” on page 97 

+ Section 5.9, “User Move Status,” on page 97 

+ Section 5.10, “Link Configuration,” on page 97 

+ Section 5.11, “Document Properties Maintenance,” on page 97 

+ Section 5.12, “New System,” on page 98 

+ Section 5.13, “Check eDirectory Schema,” on page 98 

+ Section 5.14, “Gateway Alias Migration,” on page 98 

+ Section 5.15, “GW / eDirectory Association,” on page 99 

+ Section 5.16, “Standalone GroupWise Utilities,” on page 103 
In addition to the system utilities included on the Tools menu in ConsoleOne, GroupWise includes 
the following standalone utilities: 

+ GroupWise Check Utility (GWCheck) 

+ GroupWise Backup Time Stamp Utility (GWTMSTMP) 

+ GroupWise Database Copy Utility (DBCOPY) 

+ GroupWise Generate CSR Utility (GWCSRGEN) 


Mailbox/Library Maintenance 


You can use the Mailbox/Library Maintenance utility to check the integrity of and repair user/ 
resource, message, and library databases, and to free disk space in post offices. 


For detailed information and instructions, see Chapter 27, “Maintaining User/Resource and Message 
Databases,” on page 409, Chapter 28, “Maintaining Library Databases and Documents,” on page 415, 
and Chapter 30, “Managing Database Disk Space,” on page 423. 
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5.2 


5.3 


5.4 


5.5 


5.7 


System Maintenance 


You can use the System Maintenance utility to check the integrity of and repair domain and post 
office databases. 


For detailed information and instructions, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 401. 


Backup/Restore Mailbox 


You can use the Backup/Restore Mailbox utility to restore an individual user’s Mailbox items from a 
backup copy of the post office database. 


For detailed information and instructions, see Chapter 31, “Backing Up GroupWise Databases,” on 
page 431 and Chapter 32, “Restoring GroupWise Databases from Backup,” on page 433. 


Recover Deleted Account 


If you have a reliable backup procedure in place, you can use the Recover Deleted Account utility to 
restore recently deleted user and resource accounts from the backup version of the GroupWise 
primary domain database. After the account has been re-created, you can then restore the 
corresponding mailbox and its contents to complete the process. Membership in distribution lists and 
ownership of resources must be manually re-established. 


For complete instructions, see Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 438. 


Client Options 


You can use the Client Options utility to set the default options (preferences) for the GroupWise 
client. You can set options at the domain, post office, or user level. Options set at the domain level 
apply to all users in the domain, and options set at the post office level apply to all users in the post 
office. If you don’t want users to change options, you can lock the options. 


For detailed information and instructions, see Chapter 76, “Setting Defaults for the GroupWise Client 
Options,” on page 1025. 


Expired Records 


You can use the Expired Records utility to view and manage the GroupWise user accounts that have 
an expiration date assigned to them. 


For detailed information and instructions, see Chapter 14.11, “Removing GroupWise Accounts,” on 
page 255. 


Email Address Lookup 


You can use the Email Address Lookup utility to search for the GroupWise object (User, Resource, 
Distribution List) that an email address is associated with. You can then view the object's 
information. For more information, see Section 14.7.1, “Ensuring Unique Email Addresses,” on 
page 248. 
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5.8 


5.9 


5.10 


9.11 


Synchronize 


GroupWise automatically replicates information (domain, post office, user, resource, and so on) to all 
domain and post office databases throughout your GroupWise system. This ensures that the 
information in each database is synchronized. 


Situations might occur, however, that result in information not being replicated to all domain and 
post office databases. If you think that some information has not been replicated correctly, you can 
cause the information to be replicated again so that it becomes synchronized throughout your entire 
GroupWise system. For example, if you notice that a user's information is incorrect in the Address 
Book, you can synchronize that user's eDirectory User object so that his or her information is 
replicated to all domain and post office databases again. 


For detailed information and instructions, see Chapter 29, “Synchronizing Database Information,” on 
page 419. 


User Move Status 


You can use the User Move Status utility to track progress as you move users from one post office to 
another. Using the User Move Status utility, you can: 


+ List users that are currently being moved and filter the list by domain, post office, and object. 


+ View the current status of the move for each object and see any errors that have occurred. 


+ Immediately retry a move where some of the information on the user inventory list failed to 
arrive at the destination post office. By default, the POA retries automatically every 12 hours for 
seven days to move all the information included on the user inventory list. 


* Stop the POA from continuing its automatic retries. 
+ Restart (from the beginning) a move that has stopped before successful completion. 


+ Refresh the list to display current move status and clear completed moves from the list. 


For more information, see Section 14.4.5, “Monitoring User Move Status,” on page 240. 


Link Configuration 


GroupWise domains and post offices must be properly linked in order for messages to flow 
throughout your GroupWise system. You can use the Link Configuration utility to ensure that your 
domains and post offices are properly linked and to optimize the links if necessary. For detailed 
information and instructions, see Chapter 10, “Managing the Links between Domains and Post 
Offices,” on page 155. 


Document Properties Maintenance 


Each document stored in the GroupWise Document Management Services (DMS) has properties 
associated with it. These properties identify the document, determine its disposition (archive, delete, 
keep), set its level of security, and provide information for locating it in searches. Certain document 
properties are standard in GroupWise. You can also customize DMS for your organization by 
defining additional properties. For detailed information and instructions, see Section 23.2.1, 
“Customizing Document Properties,” on page 362. 


NOTE: On Linux, Document Properties Maintenance is not available in ConsoleOne. 
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5.12 


5.13 


5.14 


New System 


You can use the New System utility to create a new GroupWise system. 


The process for creating a new GroupWise system is similar to the process of creating your initial 
GroupWise system (see “Installing a Basic Group Wise System” in the GroupWise 2012 Installation 
Guide), except that you don't install the software from the downloaded GroupWise 2012 software 
image. Instead, during creation of the new system, you are asked to specify an existing software 
distribution directory to use in the new system. If you don't want to share software distribution 
directories between systems, you should create a new distribution directory. For information about 
creating software distribution directories, see Section 4.9, “Software Directory Management,” on 
page 84. 


Check eDirectory Schema 


GroupWise systems include GroupWise-specific objects that are not available in eDirectory until the 
eDirectory schema for the tree has been extended for these objects. Schema extension takes place 
automatically when you create a GroupWise system using the GroupWise Setup Advisor. You can 
check an eDirectory tree to determine whether its schema has been extended for Group Wise. 


1 In ConsoleOne, select a tree to check. 
2 Click Tools > GroupWise Utilities > Check eDirectory Schema. 


If the eDirectory tree has not yet been extended for GroupWise, the eDirectory Schema 
Extension dialog box lists the changes that are reguired for GroupWise. 


3 Click Yes to extend the schema for GroupWise so that you can create GroupWise objects in the 
selected tree. 


Or 


Click No if you decide you do not want to be able to create GroupWise objects in the selected 
tree. 


If the schema of the tree has already been extended for GroupWise objects, a message notifies you of 
this and you can immediately create new GroupWise objects in the selected tree. 


Gateway Alias Migration 


If you have been using SMTP gateway aliases to handle email addresses that do not fit the default 
format expected by the Internet Agent (GWIA) or to customize users” Internet addresses, the 
Gateway Alias Migration utility can convert the user names in those gateway aliases into preferred 
email IDs. The Preferred E-Mail ID feature was first introduced in GroupWise 6.5 and is the 
suggested method for overriding the current email address format, as described in Section 14.7.2, 
“Changing a User's Internet Addressing Settings,” on page 249. The Gateway Alias Migration utility 
can also update users’ preferred Internet domain names based on their existing gateway aliases. 


For usage instructions, see Section 52.3, “Transitioning from SMTP Gateway Aliases to Internet 
Addressing,” on page 754. 
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5.15 


5.15.1 


GW | eDirectory Association 


The GW / eDirectory Association menu includes the following options: 


+ Section 5.15.1, “Graft Group Wise Objects,” on page 99 

+ Section 5.15.2, “Invalid Associations,” on page 100 

+ Section 5.15.3, “Associate Objects,” on page 101 

+ Section 5.15.4, “Disassociate GroupWise Attributes,” on page 102 
+ Section 5.15.5, “Convert External Entity to User,” on page 102 

+ Section 5.15.6, “Convert User to External Entity,” on page 103 


Graft GroupWise Objects 


You can use the Graft GroupWise Objects utility to create GroupWise objects in the eDirectory tree 
from the information in your GroupWise domain database. The utility creates Domain, Post Office, 
and Gateway objects as well as User, Resource, and Distribution List objects. When grafting 
GroupWise user information from the GroupWise database into eDirectory, you can match the 
GroupWise user information to an existing User object, or you can create a new GroupWise External 
Entity object and convert it into an eDirectory User object, as described in Section 5.15.5, “Convert 
External Entity to User,” on page 102. 


Grafting GroupWise objects from the GroupWise database into eDirectory can be useful in the 
following situations: 
* The GroupWise database includes information that is not included in eDirectory. 
+ You want to move GroupWise information (domains, post offices, gateways, users, or resources) 
from one eDirectory tree to another. 


To graft Group Wise objects: 


1 In ConsoleOne, select a container in the eDirectory view. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Graft GroupWise Object to display 
the Graft GroupWise Objects dialog box. 


Graft GroupWise Objects 


Graft GroupWise Objects 


This advisor helps you create GroupWise objects in eDirectory 
from the information in the Groupwise directory (domain 
database). 


Novell. 


Which GroupWise objects do you want to graft? 
(° Domains, post offices, and gateways 


Users, resources, distribution lists, and libraries 


Cancel | Help | 


3 Follow the on-screen prompts. If you need information about a dialog box, click the Help button. 
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5.15.2 Invalid Associations 


Normally, a GroupWise object in eDirectory points to corresponding information in the GroupWise 
domain database. In turn, the information in the GroupWise domain database points back to its 
corresponding object in eDirectory. 


Occasionally, a situation might arise where information in the GroupWise domain database no longer 
points to the same eDirectory object that points to it. This results in an invalid association between 
the information in the two directories. 


You can use the Invalid Associations utility to correct invalid associations between information in the 
GroupWise domain database and eDirectory. 


To check for invalid associations: 


1 Inthe eDirectory View in ConsoleOne, select the container whose objects you want to check for 
invalid associations (for example, an Organization, Organizational Unit, Domain, or Post 
Office). 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Invalid Associations to display the 
Invalid Associations dialog box. 


Invalid Associations 


Po —Y 


Below is a list of the invalid associations of Provo3. Select the eDirectory object(s) to 
disassociate or delete. 


| - Object in question Il - GroupWise object Il - Linked to object 
GWDOC TREE/Orem.Gr... |JOrem CORP TREE/Orem.novell 
GWDOC_TREE/Facilities...|Orem.Facilities CORP_TREE/Facilities.n... 


The object in column | has an invalid association to the GroupWise object in column Il. The 
GroupWise object is currently associated to the object in column Ill. 


Cancel Hep | 


The dialog box lists each invalid association for the objects in the selected container. The dialog 
box fields are described below: 


+ Object in Question (Column I): This field lists the eDirectory object that has an invalid 
association to a GroupWise object. The eDirectory object points to the GroupWise object 
listed in Column II, but the GroupWise object, according to the GroupWise domain 
database, does not point back to the eDirectory object. 


+ GroupWise Object (Column IT): This field lists the GroupWise object to which the 
eDirectory object listed in Column [is associated. 
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+ Linked to Object (Column III): This field lists the eDirectory object to which the 
GroupWise object listed in Column II has a valid association. 


3 To remove the invalid association by disassociating the eDirectory object in Column I with the 
GroupWise object in Column II, select the association, then click Disassociate. 


4 To remove the invalid association by deleting the eDirectory object listed in Column I, select the 
association, then click Delete. 


Associate Objects 


You can use the Associate Objects utility to associate GroupWise information with an eDirectory 
object. 


For example, if you delete a user’s eDirectory account but not his or her GroupWise account, the 
user’s GroupWise information is retained as a GroupWise External User object in the GroupWise 
database and can be viewed in the GroupWise View. You can then associate the GroupWise External 
User object with another eDirectory User object. In essence, you are moving the GroupWise 
information from one eDirectory User object to another. 


In some circumstances, it is possible for the link between an eDirectory User object and its 
GroupWise information to be lost. If this occurs, the GroupWise information, which still exists in the 
GroupWise database, appears as a GroupWise External User object in the GroupWise View. You can 
use the Associate Objects utility to reassociate the GroupWise information with the eDirectory User 
object. 


The Associate Objects utility can be used to associate the following objects: 


+ GroupWise User or External User objects with eDirectory User objects 


* GroupWise External Entity objects with eDirectory External Entity objects 


Associating GroupWise User or External User Objects with eDirectory User 
Objects 


1 Inthe GroupWise View in ConsoleOne, select the GroupWise User or External User object you 
want. 


or 
In the eDirectory View, select the eDirectory User object you want. 
2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Associate Objects. 


3 If you selected a GroupWise User or External User object in Step 1, select the eDirectory User 
object you want to associate with it. 


or 


If you selected an eDirectory User object in Step 1, select the GroupWise User object you want to 
associate with it. 


4 Click OK to create the association. 


If the eDirectory User object is already associated with another GroupWise object, you receive a 
warning message indicating this. If you continue, the eDirectory User object is associated with 
the selected GroupWise object and its association with the other GroupWise object is removed. 


If the GroupWise User or External User object is already associated with another eDirectory 
User object, you receive a warning message indicating this. If you continue, the GroupWise User 
object is associated with the selected eDirectory object and its association with the other 
eDirectory object is removed. 
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5.15.4 


5.15.5 


Associating GroupWise External Entity Objects with eDirectory External Entity 
Objects 


1 Inthe GroupWise View in ConsoleOne, select the GroupWise External Entity object you want. 
or 
In the eDirectory View, select the eDirectory External Entity object you want. 

2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Associate Objects. 


3 If you selected a GroupWise External Entity object in Step 1, select the eDirectory External Entity 
object you want to associate with it. 


or 


If you selected an eDirectory External Entity object in Step 1, select the GroupWise External 
Entity object you want to associate with it. 


4 Click OK to create the association. 


If the eDirectory External Entity object is already associated with another GroupWise object, you 
receive a warning message indicating this. If you continue, the eDirectory External Entity object 
is associated with the selected GroupWise object and its association with the other GroupWise 
object is removed. 


If the GroupWise External Entity object is already associated with another eDirectory External 
Entity object, you receive a warning message indicating this. If you continue, the GroupWise 
External Entity object is associated with the selected eDirectory object and its association with 
the other eDirectory object is removed. 


Disassociate GroupWise Attributes 


You can use the Disassociate GroupWise Attributes utility to disassociate GroupWise information 
from an eDirectory User object. This results in two separate eDirectory objects: 
¢ The User object, which no longer includes any GroupWise information. 


+ A GroupWise External User object, which represents the user's record in the GroupWise 
database and is displayed only in the GroupWise View. The External User object allows the user 
to continue to have access to GroupWise and also enables you to graft the user record to another 
eDirectory User object. For more information, see Section 5.15.1, “Graft GroupWise Objects,” on 
page 99. 


To disassociate the GroupWise attributes from an eDirectory User object: 


1 In ConsoleOne, select the User object whose GroupWise attributes you want to remove. 


2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Disassociate GroupWise Attributes. 


Convert External Entity to User 


You can use the Convert External Entity to User utility to convert a GroupWise External Entity object 
to an eDirectory User object. 


1 In ConsoleOne, select the GroupWise External Entity object that you want to convert to an 
eDirectory User object. 
2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Convert External Entity to User. 


3 Click Yes to confirm that you want the conversion performed. 
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5.15.6 Convert User to External Entity 


You can use the Convert User to External Entity utility to convert a User object to a GroupWise 
External Entity object. 


1 In ConsoleOne, select the User object that you want to convert to an GroupWise External Entity 
object. 
2 Click Tools > GroupWise Utilities > GW / eDirectory Associations > Convert User to External Entity. 


3 Click Yes to confirm that you want the conversion performed. 


5.16 Standalone GroupWise Utilities 


Although ConsoleOne provides the primary administrative tool for managing your GroupWise 
system, additional standalone utilities are provided to meet specialized needs. These utilities 
perform tasks that might be necessary in environments where ConsoleOne is not available. 

+ Section 5.16.1, “GroupWise Check Utility (GWCheck),” on page 103 

+ Section 5.16.2, “GroupWise Backup Time Stamp Utility (GWTMSTMP),” on page 103 

+ Section 5.16.3, “GroupWise Database Copy Utility (DBCOPY),” on page 104 

+ Section 5.16.4, “GroupWise Generate CSR Utility (GWCSRGEN),” on page 104 


5.16.1 GroupWise Check Utility (GWCheck) 


GroupWise Check is a standalone version of the ConsoleOne Mailbox/Library Maintenance utility. 
Like the Mailbox/Library Maintenance utility, GroupWise Check checks and repairs GroupWise user, 
message, library, and resource databases. However, in addition to checking post office, user, and 
library databases, it also checks users’ remote, caching, and archive databases. 


For information about using GroupWise Check, see Section 34.1, “GroupWise Check,” on page 447. 


5.16.2 GroupWise Backup Time Stamp Utility (GWTMSTMP) 


The GroupWise Backup Time Stamp utility (GWTMSTMP) can be used to place a time stamp on a 
GroupWise user database to indicate the last time the database was backed up. If a user deletes an 
item from his or her mailbox and purges it from the Trash, the item is only deleted from the user’s 
database if the time stamp shows that the item would have already been backed up. Otherwise, the 
item remains in the user’s database until the database is backed up, at which time it is deleted from 
the working database. 


For information about using the GroupWise Backup Time Stamp utility, see Section 34.2, 
“GroupWise Time Stamp Utility,” on page 457. 
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5.16.3 


5.16.4 


GroupWise Database Copy Utility (DBCOPY) 


The GroupWise Database Copy utility (DBCOPY) copies files from a live GroupWise system to a 
static location for backup. During the copy process, DBCOPY prevents the files from being modified, 
using the same locking mechanism used by other GroupWise programs that access databases. This 
ensures that the backed-up versions are consistent with the originals even when large databases take 
a substantial amount of time to copy. 


For information about using the Group Wise Database Copy utility, see Section 34.3, “GroupWise 
Database Copy Utility,” on page 463. 


GroupWise Generate CSR Utility (GWCSRGEN) 


To provide secure communication through an SSL (Secure Socket Layer) connection, the GroupWise 
Agents (MTA, POA, DVA, and GWIA) reguire access to a server certificate and private key. 


You can use the GroupWise Generate CSR utility (GWCSRGEN) to generate a Certificate Signing 
Reguest (CSR) file and a Private Key file. 


The CSR file, which is Base64 encoded, contains the information reguired for a Certificate Authority 
(CA) to issue you a server certificate. This server certificate, when paired with the private key 
generated by the GroupWise Generate CSR utility, enables GroupWise agents to use SSL connections. 


For information about SSL and certificates, see Section 83.2, “Server Certificates and SSL Encryption,” 
on page 1107. 
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6.1 


GroupWise Address Book 


The GroupWise Address Book plays a central role in a GroupWise user's experience with addressing 
messages. The default configuration of the Group Wise Address Book is often sufficient for a typical 
GroupWise system, but a variety of customization options are available to enable the GroupWise 
Address Book to meet user needs. 

+ Section 6.1, “Customizing Address Book Fields,” on page 105 

+ Section 6.2, “Controlling Object Visibility,” on page 110 

+ Section 6.3, “Updating Address Book Information,” on page 110 

+ Section 6.4, “Controlling Users’ Frequent Contacts Address Books,” on page 111 


+ Section 6.5, “Controlling Address Book Synchronization for Caching and Remote Client Users,” 
on page 112 


+ Section 6.6, “Publishing Email Addresses to eDirectory.,” on page 113 
+ Section 6.7, “Enabling Wildcard Addressing,” on page 114 
+ Section 6.8, “Adding External Users to the GroupWise Address Book,” on page 116 


NOTE: In addition to the administrator-controlled changes you can make to the Address Book, 
GroupWise users can make individual changes such as creating personal address books, sharing 
personal address books, and accessing LDAP address books. For information about the Address 
Book functionality available to users, see: 

+ “Contacts and Address Books” in the GroupWise 2012 Windows Client User Guide 


+ “Contacts and Address Books” in the GroupWise 2012 WebAccess User Guide 


Address books are not available in WebAccess Mobile. 


Customizing Address Book Fields 


The GroupWise clients displays specific fields in the GroupWise Address Book by default: 


Windows Client WebAccess 
Name Name 

E-Mail Address E-Mail Address 
Title 


Office Phone Number 


NOTE: Address Book fields in GroupWise WebAccess are set permanently and cannot be changed 
by you or by users. 
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Windows client users can add more columns to their own Address Book. In the client, users right- 
click the Address Book column header, then select a column from the drop-down list or click More 
Columns to display a longer list of possible columns. 


In ConsoleOne, you can add columns to the list that is displayed in the GroupWise clients when users 
click More Columns. This is configured at the domain level. 


NOTE: The Address Book configuration you establish becomes the default configuration for new 
GroupWise users in the domain. Changes to Address Book configuration do not affect existing users. 


+ Section 6.1.1, “Adding eDirectory Fields to the Address Book,” on page 106 
+ Section 6.1.2, “Adding LDAP Fields to the Address Book,” on page 107 

+ Section 6.1.3, “Changing the Default Sort Order,” on page 108 

+ Section 6.1.4, “Changing the Default Field Order,” on page 109 

+ Section 6.1.5, “Removing Fields from the Address Book,” on page 109 


» Section 6.1.6, “Preventing the User Description Field from Displaying in the Address Book,” on 
page 109 


6.1.1 Adding eDirectory Fields to the Address Book 


Adding an eDirectory field makes the field available in the GroupWise Address Book. Individual 
users can determine which available fields they want to display when they view the GroupWise 
Address Book in the GroupWise client. 


1 In ConsoleOne, right-click the Domain object whose Address Book you want to modify, then 
click Properties. 


2 Click GroupWise > Address Book to display the Address Book page. 


Properties of Waltham1 
NDS Rights + | Other | Rights to Files and Folders 


Sort address book by: First Name, Last Name 


Address Book Fields: Available Fields: 
Given Name (required) | ‘Account ID 
Last Name (required) (City 

Phone Company 
Department Description 
Title Home Phone 
Fax Location 
Object ID Middle Initial 
Post Office Name Mobile Phone 
Domain Name Other Phone 
Distinguished Name Pager Number 
Network ID Personal Title 
File ID PO Box 

(Postal Code 
{Qualifier 

State or Province 


Map Additional Fields 


*Administrator-defined field 


Do Not Display User Comments 


The Address Book Fields list shows all fields that are available for selection in the Address Book in 
the GroupWise client. 
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6.1.2 


The Available Fields list shows additional predefined GroupWise user fields that can be added to 
the Address Book. Novell eDirectory also includes user information that is not associated to 
GroupWise user fields. You can use the Map Additional Fields button to map eDirectory user 
fields to GroupWise fields so that they can be displayed in the GroupWise Address Book. 


3 To add a field that is not displayed in the Available Fields list, click Map Additional Fields, select an 


unmapped Admin-defined field, click Edit, select the eDirectory property to map to the Admin- 
defined field, then click OK twice to add it to the Available Fields list. 
To add fields independent of a specific domain's Address Book, use Tools > GroupWise System 
Operations > Admin-Defined Fields to display the Administrator-Defined Fields dialog box. The 
fields defined in this dialog box are available for selection and display in the Address Book 
belonging to any domain. For more information, see Section 4.4, “Admin-Defined Fields,” on 
page 79. 

4 Inthe Available Fields list, select the field you want to make available in the Address Book, then 
click the left-arrow to move it to the Address Book Fields list. 


The field is added to the bottom of the list. The Address Book displays the fields in the order 
they are listed. 


5 If necessary, select the field, then use the up-arrow and down-arrow to move the field to the 
appropriate location in the list. 


6 Ifthe field is an Administrator-defined field and you want to change how the field is labeled in 
the Address Book, select the field, click Edit Label, specify a new label in the Address Book Label 
field, then click OK. 


Administrator-defined fields are marked with an asterisk (*). You can only edit an 
Administrator-defined field that is in the Address Book Fields list. 


7 When you are finished, click OK in the Address Book page to save your changes. 


Adding LDAP Fields to the Address Book 


A number of LDAP fields available in ConsoleOne are not listed on the Address Book property page 
of the Domain object. These LDAP fields can also be added to the GroupWise Address Book by 
making them visible in eDirectory. 


1 In ConsoleOne, right-click your Tree object, then click Properties. 


Properties of CORP. TREE (x) 


NDS Rights + | Other | General | Rights to Files and Folders | 
Trustees of this Object | 


The following are assigned trustees of: [Root] 


m [This] Add Trustee... 


8 admin Docdev Novell 


Delete Trustee... 


Assigned Rights... 


Effective Rights... 


Page Options... OK Cancel Apply Help 
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2 Select Public, click Assigned Rights, then click Add Property. 


Add Property 


Supported Services 
Supported Typefaces 


Surname 

Svelnfo 

SveType 

SycTypelD 
Synchronization Tolerance 
Synchronized Up To 

T 


Telephone Nurnber 
Timezone 


Transitive Vector 
Trustees Of New Object 
Type Creator Map 
UID 

IV Show all properties 


OK | Cancel Help | 


In the Add Property dialog box, all capitalized property names sort ahead of all uncapitalized 
property names. 


3 Select Show All Properties, scroll down to locate the property you want to add to the GroupWise 
Address Book, select the property (for example, Title), then click OK. 


Rights assigned to: [Public] 
On object: [Root] 
Property 


E A [T Supervisor 
Ÿ [All Attributes Rights] 7 
4 [Entry Rights] V Compare 
IV Read 


Write 


[~ Add Selt 


I Inheritable 


Add Property... 
Delete Property 


Cancel Help 


4 With the new property highlighted, select Inheritable, then click OK twice to save the new 
property settings. 


When you return to the Address Book property page of the Domain object, you can select the new 
property to display in the GroupWise Address Book, as described in Section 6.1.1, “Adding 
eDirectory Fields to the Address Book,” on page 106. 


6.1.3 Changing the Default Sort Order 


NOTE: The Sort Address Book By field on the Address Book page of the Domain object is obsolete and 
no longer affects Address Book sorting in the GroupWise clients. 


The sort order determines whether addresses in the Address Book are sorted by first name or last 
name. The sort order you establish becomes the default for the Address Book and remains in effect 
until individual users change it. 
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The preset default sort order for the Address Book is First Name/Last Name. You can change the 
default sort order to Last Name/First Name. 


On the Address Book page of the Domain object: 


1 Inthe Sort Address Book By list, select the sort order you want to be the default. 
2 Click OK to save your changes. 


6.1.4 Changing the Default Field Order 


The field order determines the order in which the GroupWise fields are displayed in the Address 
Book. The field order you establish becomes the default for the Address Book and remains in effect 
until individual users change the order. 


On the Address Book page of the Domain object: 
1 Inthe Address Book Fields list, select a field whose position you want to change, then use the up- 
arrow and down-arrow to move the field to its new position. 
2 Repeat Step 1 until you have established the field order you want. 
3 Click OK to save your changes. 


6.1.5 Removing Fields from the Address Book 


If there are fields in the Address Book that are not used or that you don't want displayed to users, 
you can remove them. 


On the Address Book page of the Domain object: 


1 Inthe Address Book Fields list, select the field you want to remove, then click the right-arrow to 
move the field to the Available Fields list. 
The fields in the Available Fields list are not displayed in the Address Book. 

2 Repeat Step 1 to remove additional fields you don't want to use. 


3 Click OK to save your changes. 


6.1.6 Preventing the User Description Field from Displaying in the Address 
Book 


The GroupWise Address Book provides detailed user information as well as email addresses. A 
user's detailed information includes a comments field that displays the information stored in the 
User object Description field (User object > General > Identification). If you have included information in 
the Description field that you don't want displayed in the GroupWise Address Book, you can prevent 
the field’s contents from being displayed. 


TIP: To view a user's detailed information, including the comments field, in the Address Book, select 
the user's address, then click View > Details. 


On the Address Book page of the Domain object: 


1 Enablethe Do Not Display User Comments option. 
2 Click OK to save your changes. 
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6.2 


6.3 


Controlling Object Visibility 


An object's visibility determines which post office databases the object's information is distributed to. 
A post office’s users can only see an object’s information in the Address Book if the object's 
information has been distributed to its post office. 


Visibility applies to the following objects: user, external user, external entity, resource, external 
resource, distribution list, eDirectory group, eDirectory organizational role, and nickname. 


IMPORTANT: Unlike the other objects listed above, nicknames that have been distributed to a post 
office do not actually appear in the post office’s Address Book. Users must type the nickname’s 
address in the message rather than select it from the Address Book. 


You can choose from the following visibility levels: 


+ System: The object is visible in every post office Address Book throughout the system; if 
external system synchronization is turned on, itis also available for distribution to other 
GroupWise systems. This is the default for users, external users, resources, external resources, 
external entities, and nicknames. 


+ Domain: The object is visible only in the Address Book of the post offices located in the object's 
domain. 


* Post Office: The object is visible only in the Address Book of the object's post office. This is the 
default for distribution lists, groups, and organizational roles. 


+ None: The object is not visible in the Address Book of any post offices. 
For information about setting visibility for various GroupWise objects, see: 


+ Section 14.7.3, “Changing a User's Visibility in the Address Book,” on page 251 

+ Section 16.7.2, “Changing a Resource's Visibility in the Address Book,” on page 275 

+ Section 18.9.2, “Changing a Distribution List's Visibility in the Address Book,” on page 296 

+ Section 19.3, “Changing a Groups Visibility in the Address Book,” on page 304 

+ Section 20.3, “Changing an Organizational Role's Visibility in the Address Book,” on page 309 


Updating Address Book Information 


Each post office database includes all the information displayed in the GroupWise Address Book that 
is stored in the domain. By keeping the information in the post office, the post office's users have 
guick access to it. Whenever changes are made in eDirectory that affect Address Book information, 
the information is replicated to each domain database and each post office database. 


If information ina post office's Address Book is out-of-date or missing, you can synchronize the 
missing information with eDirectory or rebuild the post office database to obtain updated 
information from the domain. 

+ Section 6.3.1, “Synchronizing Information,” on page 111 

+ Section 6.3.2, “Rebuilding the Post Office Database,” on page 111 
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6.3.1 


6.3.2 


6.4 


Synchronizing Information 


The information for each object (user, resource, distribution list, and so on) in the GroupWise 
Address Book is contained in eDirectory. When an object's information is incorrect in a post office’s 
Address Book, you can synchronize the object's information in the Address Book with the 
information stored in eDirectory. This causes the correct information to be replicated to each domain 
and post office database in the GroupWise system. For instructions, see Chapter 29, “Synchronizing 
Database Information,” on page 419. 


Rebuilding the Post Office Database 


If the post office Address Book is missing a lot of information, or if you are having other difficulties 
with information in the Address Book, you might want to rebuild the post office database. This 
causes all information to be replicated to the post office database from the domain database. For 
instructions, see Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405. 


Controlling Users’ Freguent Contacts Address Books 


By default, email addresses of those to whom users send messages are automatically added to their 
Freguent Contacts address books. Users can also choose to automatically save email addresses of 
those from whom they receive messages. You can restrict the types of addresses that users can collect 
in their Freguent Contacts address books. 


1 In ConsoleOne, select a Domain, Post Office, or User object. 


2 Click Tools > GroupWise Utilities > Client Options 
3 Click Environment > Address Book. 


Environment Options: Development x| 


Cleanup | Appearance | Retention | JunkMail | Calendar 
General | Client Access | Views | File Location 
Novell vibe | Tutorial Conferencing | Reply Format 


Freguent Contacts 
F Enable auto-saving Sa 


J” Save addresses of items that are received 
T From external sources (Internet) 
| From internal sources 
F Only if my name or ID is in the Toy! Field 


M Save addresses of items that are sent 
F To external sources (Internet) 


IV To internal sources 


M Allow creation of User Defined Fields in the Personal Address Book 


Restore Default Settings 


L «| Cancel | Help | 


4 With Enable Auto-Saving selected, adjust the auto-save options as needed. 
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Save Addresses of Items That Are Received: Select this option to allow users to automatically 
add external and internal email address from items that they receive to their Freguent Contacts 
address books. If desired, you can restrict users to collecting email addresses only if the user's 
name or email address appears in the To field, as opposed to the CC or BC fields. 


Save Addresses of Items That Are Sent: Select this option to allow users to automatically add 
external and internal email address from items that they send to their Freguent Contacts address 
books. 


Or 


Deselect Enable Auto-Saving to change the default so that email addresses are not collected unless 
users enable that functionality. 


5 To prevent users from changing your Freguent Contacts address book settings, click the Lock 
button. 


6 Click OK to save the Freguent Contacts address book settings. 


6.5 Controlling Address Book Synchronization for Caching and 
Remote Client Users 


By default, the POA automatically updates the post office database (wphost . db) with changes to the 
Address Book as they occur. As a result, whenever a Caching or Remote client connects to the 
GroupWise system, it automatically downloads any updates to the Address Book that have occurred 
since the last time it connected. This means that Caching or Remote client users always have an up- 
to-date Address Book to work with. 


Because the Address Book updates are stored as records in the post office database, this feature 
causes the post office database to grow in size as time passes. Therefore, in ConsoleOne, you can 
specify the maximum number of days you want to store the incremental update records. The longer 
the incremental update records are stored, the larger the post office database becomes, which can 
impact available disk space and backup time. You can also disable this functionality, if necessary. 


1 Browse to and right-click a Post Office object, then click Properties. 
2 Click GroupWise > Post Office Settings. 


Properties of Sales xÍ 


GroupWise ~ | NDS Rights + | Other | Rights to Files and Folders | 
Post Office Settings 


Software Distribution Directory: 


(Corporate Linux 


Access Mode: Client/Server Only Se | 
Delivery Mode: Juse App Thresholds v | 


Address Book Update Settings 
IM Create deltas for Address Book updates 


Max Age for Address Book Updates: 15 = days 


I~ Disable Live Move 


Restore Area: (Not Set) 
Default Archive Service Trusted Application: (Not Set) 
[ Override <None> 


Remote File Server Settings 


Remote User Name; 
Remote Password: Set Password 


Page Options... OK Cancel Apply Help | 
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3 Inthe Max Age for Address Book Updates field, specify the number of days you want to retain 
Address Book update records. 


The default is 15 days. The maximum number of days is 90. 
4 (Optional) Deselect Create Deltas for Address Book Updates to disable this feature. 
5 Click OK to save the setting. 
Caching and Remote client users should not deselect Refresh Address Books and Rules Every nn Days 
because rules are still downloaded according to this schedule. Even if users do not want to download 
their rules, they still should not deselect this option because it turns off the Address Book delta sync. 


They can, however, set the option to a greater number of days to cause the download of the full 
Address Book to occur less frequently. 


6.6 Publishing Email Addresses to eDirectory. 


The GroupWise databases and eDirectory both contain information about users’ email address 
formats. When you change settings for users’ GroupWise email addresses, you can publish the 
changes to eDirectory so that user email address information matches in both places. 


1 In ConsoleOne, click Tools > GroupWise System Operations > Internet Addressing. 
2 Click Publish to eDirectory. 


Internet Addressing 


Internet Domains | Addressing Formats |! Publish to eDirectory į 


© Publish the Preferred EMail Address only 
For each Internet Domain 


© Publish all allowed addresses 


© Publish the following addresses: 


Publish Nickname addresses 


Publish Gateway Alias addresses 


By default, users’ preferred email addresses are published to eDirectory only in the format 
established in the Preferred Address Format field on the Addressing Formats tab. This publishes 
one email address per user in the format established for your GroupWise system. 


3 Select additional options to publish additional email addresses, as needed. 


4 Click OK to save the address publishing settings. 
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6.7 


6.7.1 


Enabling Wildcard Addressing 


By default, users address messages by selecting users and distribution lists from the Address Book. If 
you enable wildcard addressing, users can send items to all users in a post office, domain, 
GroupWise system, or connected GroupWise system by using asterisks (*) as wildcards in email 
addresses. 


You can limit wildcard addressing to a specific level (system, domain, or post office) or allow 
unlimited wildcard addressing. The default is to limit the wildcard addressing to post office only, 
meaning that a user can use wild card addressing to send to all users on his or her post office only. 
You can change the default for individual users, post offices, or domains. 


With wildcard addressing, the sender only sees whether the item was delivered to a domain, post 
office, or system (by viewing the item's properties). The properties do not show the individual user 
names or additional statuses. Recipients can reply to the sender only. Reply to All is unavailable. 

+ Section 6.7.1, “Setting Wildcard Addressing Levels,” on page 114 


+ Section 6.7.2, “Wildcard Addressing Syntax,” on page 115 


NOTE: Wildcard addressing cannot be used for assigning shared folders or shared address books, 
granting proxy rights, performing busy searches, or sending routing slips. 


Setting Wildcard Addressing Levels 


By default, wildcard addressing is enabled at the post office level for all users in your GroupWise 
system. You can change the level (post office, domain, or system) or disable wildcard addressing. 


Wildcard addressing levels can be applied to a single user, to all users in a post office, or to all users 
in a domain. 


To set wildcard addressing defaults: 


1 In ConsoleOne, select a Domain, Post Office, or User object. 


2 Click Tools > GroupWise Utilities > Client Options to display the GroupWise Client Options dialog 
box. 


GroupWise Client Options x| 


$ % Ð 


Environment Send Documents 
Security Calendar 


Close | Help 


3 Click Send to display the Send Options dialog box. 
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Send Options: Development 


EE 
[Send Options || Mail | Appt || Task | Note | Security | Disk Space Mgmt | Global Signature 


Classification 


[C] Expiration date 


Normal 


Priority X 
© High 
© Standard Delay delivery 
© Low m. 


[CI Reply requested Wildcard Addressing 


Limited to post office 


MIME Encoding 


UTF-8 a Ey Notify recipients 
Convert attachments 
Allow use of "Reply to all" in rules 


v) Allow use of "Internet mail" tracking 


Restore Default Settings 


Allow reply rules to loop 


Cancel 


4 Inthe Wildcard Addressing list, select from the following options: 
+ Not Allowed: Select this option to disable wildcard addressing. 


+ Limited to Post Office (Default): Select this option to limit wildcard addressing to the 
user's post office. The user can use wildcard addressing to send items to users in his or her 
post office only. 


¢ Limited to Domain: Select this option to limit wildcard addressing to the user’s domain. 
The user can use wildcard addressing to send items to users in his or her domain only. 


¢ Limited to System: Select this option to limit wildcard addressing to the user’s GroupWise 
system. The user can use wildcard addressing to send items to all users in his or her system 
only. This excludes external users (users from other systems) who have been added to your 
GroupWise address book. 


+ Unlimited: Select this option to allow unlimited use of wildcard addressing. The user can 
use wildcard addressing to send to all users (including external users and non-visible users) 
defined in the GroupWise address book. 


5 Click OK to save the changes. 


6.7.2 Wildcard Addressing Syntax 


The following table shows the syntax for wildcard addressing. 


Wildcard Addressing Setting To send an item to... Type in the To field... 
Limited to Post Office All users in your post office * 
Limited to Domain All users in your post office i 

All users in your domain R 

All users in another post office in your * post office 

domain 
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Wildcard Addressing Setting 


Limited to System 


To send an item to... 


All users in your post office 
All users in your domain 


All users in another post office in your 
domain 


All users in a post office in another domain 


Type in the To field... 
* 
** 


* post_office 


* post_office.domain 


All users in another domain * domain 

All users in your GroupWise system aoe 
Unlimited All users in your post office * 

All users in your domain E 


All users in a different post office in your 
domain 


* post_office 


All users in a post office in another domain. *.post_office.domain 
You can also use this for external post 
offices and external domains. 


All users in a another domain. You can also *.domain 
use this for external domains. 


All users in the GroupWise address book (all  *.*.* 
users in the same system, all external users, 
and all non-visible users) 


6.8 Adding External Users to the GroupWise Address Book 


The GroupWise Address Book lists all users that belong to your GroupWise system. When users 
receive incoming messages, the senders are added to users’ Frequent Contacts Address Books to 
facilitate replying to users who are not included in the GroupWise Address Book. If necessary, you 
can configure GroupWise so that external (non-GroupWise) users appear in the GroupWise Address 
Book and are therefore available to all GroupWise users. 


The following sections help you add non-GroupWise users to the GroupWise Address Book: 


+ Section 6.8.1, “Creating a Non-GroupWise Domain to Represent the Internet,” on page 116 
+ Section 6.8.2, “Linking to the Non-GroupWise Domain,” on page 117 


+ Section 6.8.3, “Creating a Non-GroupWise Post Office to Represent an Internet Host,” on 
page 119 


+ Section 6.8.4, “Creating External Users,” on page 120 


+ Section 6.8.5, “Configuring External Users and Resources to Appear in GroupWise Busy 
Searches,” on page 121 


6.8.1 Creating a Non-GroupWise Domain to Represent the Internet 


1 In ConsoleOne, right-click GroupWise System (in the left pane), then click New > Non-GroupWise 
Domain. 
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6.8.2 


Create Non-GroupWise Domain 


Domain name: 


Time Zone: cacai | 


(GMT-07:00) Mountain Time (US 8 Canada) =: Help 
Link To Domain: 


Provo1 RE 


I Create another domain 


2 Fillin the fields: 


Domain Name: Specify a name that has not been used for another domain in your system (for 
example, Internet). 


Time Zone: This should match the time zone for the Internet Agent (GWIA). If it does not, select 
the correct time zone. 


Link to Domain: Select a domain where the GWIA is running. 
3 Click OK to create the non-GroupWise domain. 

The non-GroupWise domain appears under GroupWise System in the left pane. 
4 Continue with Linking to the Non-GroupWise Domain. 


Linking to the Non-GroupWise Domain 


After you have created the non-GroupWise domain, you must modify the link between the domain 
where the Internet Agent (GWIA) is running and the non-Group Wise domain. This enables the 
GroupWise system to route all Internet messages to the MTA of the GWIA domain. The MTA can 
then route the messages to the GWIA, which sends them to the Internet. 


To modify the link to the non-GroupWise domain: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration to display the Link 
Configuration tool. 


By default, the Link Configuration tool displays the links for the domain that you are currently 
connected to. 


GroupWise Link Configuration Tool - K:\gwsystem\provo1 


File Edit Search View Window Help 


Es MM 7| a] Elf] Port eme SI 


Domain: Provo1 
Outbound Links from Provo1 


rDirect Indirect r Gateway: Undefined 
A, Internet 
% Provo2 
% Provos 


rDirect rindirect 
% Provo2 
% Provos 


2 Ifthe GWIA domain is not the currently displayed domain, select it from the list of domains on 
the toolbar. 


The non-GroupWise domain should be displayed in the Direct column. In the graphic displayed 
under step 1, Internet is the non-GroupWise domain. 
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3 Double-click the non-GroupWise domain to display the Edit Domain Link dialog box. 


If you are prompted that the mapped path is empty, click Yes to dismiss the prompt and display 
the Edit Domain Link dialog box. 


Edit Domain Link 
Description: How Provoi connects to Provo4 OK 


Link Type: Direct bs 


Cancel 


Settings 


Protocol: |Mapped © 
Path: fk: 'gwsystemiprovo4 S Scheduling... 


Help 


Maximum send message size: 0 4 MBytes 
Delay message size: 0 $ MBytes 


External Link Info... 


4 Inthe Link Type field, select Gateway. 


After you select Gateway, the dialog boxes changes to display the settings required for a gateway 
link. 


Edit Domain Link 


Description: How Provo1 connects to Internet 
Link Type: Gateway | 
Settings 
Gateway Link: 


Gateway Access String: [ 


Return Link: |Provot 


Maximum send message size: 0 4 MBytes 
Delay message size: 0 = MBytes 


NOTE: Group Wise gateways are legacy products that are not supported with the current 
GroupWise version. 


Fill in the following fields: 
Gateway Link: Select the GWIA. 


Gateway Access String: If you want to specify the conversion format (RFC-822 or MIME) for 
messages sent to the domain, include the -rfc822 or -mime parameter. If you do not use either of 
these parameters, the GWIA converts messages to the format specified in its startup file. The 
default is for MIME conversion (as specified by the GWIA's /mime startup switch). 


Return Link: Leave this field as is. It does not apply to the GWIA. 


Maximum Send Message Size: If you want to limit the size of messages that the MTA for the 
GWIA domain passes to the GWIA, specify the maximum size. This is applied to all messages. If 
you want to limit the size of messages sent by specific users or groups of users, you can also use 
the Access Control feature. For details, see Section 54.1, “Controlling User Access to the 
Internet,” on page 787. 


Delay Message Size: If you want the MTA to delay routing of large messages to the GWIA, 
specify the message size. Any messages that exceed the message size are assigned a lower 
priority by the MTA and are processed after the higher priority messages. 
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6 Click OK to save the changes. 


The non-GroupWise domain is moved from the Direct column to the Gateway column. Fora 


description of the link symbols next to the domain names, see the Help in the Link 
Configuration tool. 


KE GroupWise Link Configuration Tool - K:\gwsystem\provo1 


File Edit Search View Window Help 


g| 3/9) ? | 2 | RT| [Provot (Primary) zl Ņ mil 
Domain: Provo1 
Outbound Links from Provol 


r Direct Indirect r Gateway: 


x Provo2 %, ? Internet (GMIA) 
%, Provo3 


Undefined 


rindirect 


7 Click the File menu, click Exit, then click Yes to exit the Link Configuration tool and save your 
changes. 


8 Continue with Creating a Non-GroupWise Post Office to Represent an Internet Host. 


Creating a Non-GroupWise Post Office to Represent an Internet Host 


When you create a post office to represent an Internet host, the post office name cannot be identical to 
the hostname because the period that separates the hostname components (for example, novell.com) 
is not a valid character for post office names. GroupWise reserves the period for its addressing syntax 


of user_ID.post_office.domain. Therefore, you should choose a name that is closely related to the 
hostname. 


To create a non-GroupWise post office: 


1 In ConsoleOne, right-click the non-GroupWise domain that represents the Internet, then click 
New > External Post Office. 


KS Create External GroupWise Post Office 


Post office name: Lx | 
I 


Time Zone: camca | 


(GMT-07:00) Mountain Time (US & Canada) hä Help 
T Create another post office 


2 Fillinthe following fields: 


Post Office Name: Specify a name to associate the post office with the Internet host. Do not use 
the fully gualified hostname. 


Time Zone: Select the time zone in which the Internet host is located. 
3 Click OK to create the post office. 

The non-GroupWise post office is added under the non-Group Wise domain. 
4 Right-click the new non-GroupWise post office, then click Properties. 
5 Click GroupWise > Internet Addressing. 
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Properties of ExampleHost 


ed Address format: 


Not Defined 


Allowed Address Formats 


Not Defined 


Internet domain name: 


Not Defined 


Page Options... | Cancel | 


6 If you want to override the GroupWise system allowed address formats, select Override next to 
Allowed Address Formats, then select the allowed address formats for this Internet host. 


7 Next to Internet Domain Name, select Override, then specify the actual name of the Internet host 
that the external post office represents. 


8 Click OK to save your changes. 


9 Continue with Creating External Users. 


6.8.4 Creating External Users 


120 


By creating external users, you add them to the GroupWise Address Book for easy selection by 
GroupWise users when addressing messages. 


To add an Internet user to a post office: 


1 In ConsoleOne, right-click the post office that represents the user’s Internet host, then click New 
> External User. 


Create GroupWise External User 


User Name: 


Cancel 


T Create another external user 


Help 


2 Inthe User Name field, specify the exact user portion of the user's Internet address. If the address 
is jsmith@novell.com, the portion you would specify is jsmith. 


3 Click OK to create the external user. 

4 Provide personal information about the external user: 
4a Right-click the new External User object. 
4b Fillin the desired fields on the Identification page. 
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Because the user is displayed in the Group Wise Address Book, you might want to define 
the user's first name and last name. This is especially important if the allowed address 
formats for the Internet host include first name and last name information. 


4c Click OK to save the user's personal information. 


If you have only a few users on some Internet hosts, you can create a single external post office for 
these users, then define their Internet domain names on the Identification pages of the External User 
objects instead of on the External Post Office object. 


6.8.5 Configuring External Users and Resources to Appear in GroupWise 
Busy Searches 


You can define the URL where free/busy schedule status is published for a user or resource inan 
external email system. This enables GroupWise users to receive Busy Search results from this external 
user or resource along with Busy Search results from other GroupWise users. 


1 In ConsoleOne, right-click an External User object or an External Resource object, then click 
Properties. 
2 Click GroupWise > Internet Free Busy Search. 


3 Specify the URL where free/busy schedule status for the user or resource is published, then click 
OK. 
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7.1 


Multilingual GroupWise Systems 


GroupWise is a multilingual email product that meets the needs of users around the world. The 


following sections provide guidance if your GroupWise system includes users who speak a variety of 


languages: 


+ Section 7.1, “GroupWise User Languages,” on page 123 

+ Section 7.2, “GroupWise Administration and Agent Languages,” on page 124 
+ Section 7.3, “International Character Considerations,” on page 125 

+ Section 7.4, “MIME Encoding,” on page 125 

+ Section 7.5, “Multi-Language Workstations,” on page 127 


See also Chapter 78, “Supporting the GroupWise Client in Multiple Languages,” on page 1087. 


GroupWise User Languages 


Users can run GroupWise in the following languages: 


Language Code Language Code 
Arabic** AR Italian IT 
Bulgarian BG Japanese JA 
Chinese - Simplified CS Korean KO 
Chinese - Traditional CT Norwegian NO 
Czech CZ Polish PL 
Danish DA Portuguese PT 
Dutch NL Russian RU 
English EN Slovak* SK 
Finnish FI Slovenian* SL 
French FR Spanish ES 
German DE Swedish SV 
Hungarian HU Turkish TR 


NOTE: Languages marked with an asterisk (*) are available for the GroupWise Windows client, but 


not for GroupWise WebAccess. Languages marked with a double asterisk (**) are available for the 
GroupWise Windows client and for Group Wise WebAccess in a desktop browser, but are not 
available on tablet devices or mobile devices where a more simple interface is used. 
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7.2 


Language codes are used to identify language-specific files and directories. They are also used as the 
values of the client language (/1) startup option. Users can select the languages they want when they 
install the GroupWise client. 


Users should have at least 200 MB available on their workstations to install the GroupWise client 
software in one language. Users need an additional 20 MB of disk space for each additional language 
they install. 


By default, the GroupWise client starts in the language of the operating system, if it is available. If the 
operating system language is not available, the next default language is English. When you start the 
GroupWise client, you can use the /l startup switch to override the English default and select an 
interface language from those that have been installed. 


The online help available in the GroupWise clients is provided in all languages into which the client 
software is translated. The GroupWise client user guides available from the GroupWise clients and 
on the GroupWise Documentation Web site are translated only into the administration languages. If 
you try to access a user guide from a client that is running in a language into which the user guide 
has not been translated, you can select any of the available languages. 


By default, the GroupWise clients use UTF-8 for MIME encoding. This accommodates the character 
sets used by all supported languages. 


GroupWise Administration and Agent Languages 


You can run the GroupWise Installation program, administer your GroupWise system in 
ConsoleOne, and run the GroupWise agents in the following languages: 


Language Code 
English EN 
French FR 
German DE 
Portuguese PT 
Spanish ES 


Language codes are used to identify language-specific files and directories. They are also used as the 
values of the GroupWise agent /language startup switches. 


When you select a language for a domain, it determines the sorting order for items in the GroupWise 
Address Book. This language becomes the default for post offices that belong to the domain. You can 
override the domain language at the post office level if necessary. 


For example, if you set the domain and post office language to English, the Address Book items are 
sorted according to English sort order rules. This is true even if some users in the post office are 
running non-English GroupWise clients such as German or Japanese. Their client interface and Help 
files are in German or Japanese, but the sort order is according to English standards. 


By default, the agents start in the language selected for the domain. If that language has not been 
installed, the agents start in the language used by the operating system. If that language has not been 
installed, the agents start in English. You can also use the /language agent startup switch to select the 
language for the agent to startin. 
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7.4 


The POA also includes language-specific files in all client languages so that information returned 
from the POA to the GroupWise client, such as message status and undeliverable messages, is 
displayed in the language of the GroupWise client rather than the language in which the POA 
interface is being displayed. 


Currently, the DVA is available only in English. 


International Character Considerations 


GroupWise client users have complete flexibility in the characters they use in composing messages. 
Accented characters used by various European languages and double-byte characters used by 
various Asian and Middle Eastern languages are all acceptable in the GroupWise client and can even 
be combined in the same message text. 


As an administrator, you must take the following limitations into account: 


+ Double-byte Asian and Middle Eastern characters should not be used in directory names and 
file names within your GroupWise system. This limitation is based on operating system 
capabilities. You should also not use double-byte characters in passwords. You can use double- 
byte characters in GroupWise user names, domain names, post office names, and so on. 


+ If you choose to use double-byte characters or extended characters such as accented characters 
in GroupWise user names or domain names, users must have Preferred E-mail IDs that contain 
only characters that are valid in the SMTP REC. For instructions, see Section 14.7.2, “Changing a 
User's Internet Addressing Settings,” on page 249. 


MIME Encoding 


MIME (Multipurpose Internet Mail Extensions) encoding must be used when messages are sent 
across the Internet, so that characters display correctly for users on computers that are configured for 
different languages. In ConsoleOne, you can set the default MIME encoding (for example, UTF-8, 
Windows Default, ISO Default, and so on) that is used by the Group Wise clients. 


1 In ConsoleOne, browse to and select the domain, post office, or user where you want to change 
the maximum mailbox size. 


2 Click Tools > GroupWise Utilities. 
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3 Click Client Options > Send. 


Send Options: Development 


į Send Options || Mail | Appt | Task | Note | Security | Disk Space Mgmt | Global Signature 
Classification 


Nermal C] Expiration date 
lormal 


Priority 
© High 
©) Standard 
O Low =——— pn 


Delay delivery 


Reply requested 


‘Wildcard Addressing 


=n [Limited to post office 


~] 
MIME Encoding 


UTF-8 “| E] 


Notify recipients 


Convert attachments 


Allow use of "Reply to all" in rules 


[V] Allow use of "Internet mail" tracking Allow reply rules to loop 


Restore Default Settings 


4 Inthe MIME Encoding box on the Send Options tab, select the desired default MIME encoding, 
then click OK to save the setting. 


GroupWise users can override the default MIME encoding in GroupWise, as described in: 


+ “Changing the MIME Encoding for Email You Send” in “Email” in the GroupWise 2012 Windows 
Client User Guide 


+ “Changing the MIME Encoding of a Message” in “Email” in the GroupWise 2012 WebAccess User 
Guide 


The Windows client supports 24 character sets for MIME encoding. GroupWise WebAccess and 
ConsoleOne support 16 character sets, marked with asterisks in the table below. 


Languages/Alphabets Character Sets 


Windows Default* 
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ISO Default* 
UTF-8* 
Arabic Windows 1256* 
Arabic ISO 8859-6 
Baltic Windows 1257* 
Baltic ISO 8859-4 


Central European 


Windows 1250* 


Central European ISO 8859-2 
Chinese Simplified GB2312* 
Chinese Traditional Big 5 
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Languages/Alphabets Character Sets 


Cyrillic KOI8-R* 
Cyrillic ISO 8859-5 
Hebrew Windows 1255* 
Hebrew ISO 8859-8 
Japanese ISO 2022-JP* 
Japanese Shift-JIS 
Korean EUC-KR* 

Thai Windows 874* 
Turkish Windows 1254* 
Turkish ISO 8859-9 


Western European 
Western European 


Western European 


Windows 1252 
ISO 8859-1 


ISO 8859-15 


The GWIA also has options for controlling MIME encoding when messages are set to and from the 


Internet, as described in: 


+ ConsoleOne settings:Section 53.1.4, “Determining Format Options for Messages,” on page 763 


+ Startup switches: Section 59.6.4, “Message Formatting and Encoding,” on page 868 


Multi-Language Workstations 


If GroupWise users receive messages in multiple languages, their workstations need to be configured 


to handle the character sets used by these languages. 
On Windows 7: 
1 Inthe Control Panel, click Change Display Languages. 
2 Inthe Display Language box, click Install/Uninstall Languages. 
3 Follow the on-screen instructions to install the required language files. 


On Windows Vista: 


1 In the Control Panel, double-click Regional and Language Options, then click Keyboards and 
Languages. 
2 Under Display Languages, click Install/Uninstall Languages. 


3 Follow the on-screen instructions to install the required language files. 
On Windows XP: 


1 In the Control Panel, double-click Regional and Language Options, then click Languages. 


2 If you receive messages in Arabic, Hebrew, or other complex languages, select Install Files for 
Complex Script and Right-to-Left Languages. 
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3 If you receive messages in Chinese, Japanese, or other similar languages, select Install Files for 
East Asian Languages. 


4 Click OK to install the reguired language files. 
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| Domains 


+ Chapter 8, “Creating a New Domain,” on page 131 
+ Chapter 9, “Managing Domains,” on page 145 
+ Chapter 10, “Managing the Links between Domains and Post Offices,” on page 155 
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6.1 


Creating a New Domain 


As your GroupWise system grows, you might need to add new domains. 


+ Section 8.1, “Understanding the Purpose of Domains,” on page 131 
+ Section 8.2, “Planning a New Domain,” on page 132 

+ Section 8.3, “Setting Up the New Domain,” on page 138 

+ Section 8.4, “What's Next,” on page 142 

+ Section 8.5, “New Domain Summary Sheet,” on page 142 


IMPORTANT: If you are creating a new domain in a clustered Group Wise system, see the GroupWise 
2012 Interoperability Guide before you create the domain: 


Understanding the Purpose of Domains 


The domain functions as the main administrative unit for your GroupWise system. Each GroupWise 
system has one primary domain, which was created when you first installed GroupWise. All other 
domains that you add are secondary domains. 


The domain serves as a logical grouping of one or more post offices and is used for addressing and 
routing messages. Each GroupWise user has a unique GroupWise address that consists of a user ID, 
the user’s post office name, the GroupWise domain name, and, optionally, an Internet domain name. 


The following diagram illustrates the logical organization of a GroupWise system with multiple 
domains and post offices. All of the objects under the domain belong to that domain. All of the 
objects under a post office belong to that post office. 


GroupWise 
System 

Primary Secondary 
Domain Domain 

7 Message Message 

y E) Transfer ey ) Transfer 
— Agent = Agent 
Post Post à Post Post } 


ia Office Office T ia Office Office ia 


9 
Office 
Agent 


GroupWise Users 
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GroupWise Users 
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Creating a New Domain 131 


132 


Messages are moved from user to user through your GroupWise system by the GroupWise agents. 
As illustrated above, each domain must have a Message Transfer Agent (MTA). The MTA transfers 
messages between domains and between post offices in the same domain. Each post office must have 
at least one Post Office Agent (POA). The POA delivers messages to users” mailboxes and performs a 
variety of post office and mailbox maintenance activities. 


When you add a new domain to your GroupWise system, links define how messages are routed from 
one domain to another. When you add the first secondary domain, the links between the primary and 
secondary domains are very simple. As the number of domains grows, the links among them can 
become guite complex. Links are discussed in detail in Chapter 10, “Managing the Links between 
Domains and Post Offices,” on page 155. 


Physically, a domain consists of a set of directories that house all the information stored in the 
domain. To view the structure of a domain directory, see “Domain Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. The domain directory does not contain 
mailboxes or messages, but it does contain other vital information. For an overview, see Section 41.3, 
“Information Stored in the Domain,” on page 622. Domain directories can be located on Linux and 
Windows servers. 


8.2 Planning a New Domain 


After you have your basic GroupWise system up and running, you can expand it by adding one or 
more secondary domains. The GroupWise architecture lets you create a simple, single domain 
system, or a complex system that links dozens of secondary domains across a campus, a city, or 
around the world. 


This section provides the information you need in order to decide when, where, and how to setupa 
new domain. The items in the worksheet are listed in the order you enter them when setting up your 
domain. This planning section does not follow the same order as the worksheet, but all worksheet 
items are covered. The “New Domain Summary Sheet” on page 142 lists all the information you 
need. You should print the worksheet and fill it out as you complete the tasks listed below. 


+ 


+ 


+ 


+ 


+ 


+ 


Section 8.2.1, “Determining When to Add a New Domain,” on page 133 
Section 8.2.2, “Deciding Who Will Administer the New Domain,” on page 133 
Section 8.2.3, “Planning Post Offices in the New Domain,” on page 134 
Section 8.2.4, “Determining the Context for the Domain Object,” on page 134 
Section 8.2.5, “Choosing the Domain Name,” on page 136 

Section 8.2.6, “Deciding Where to Create the Domain Directory,” on page 136 
Section 8.2.7, “Deciding Where to Install the Agent Software,” on page 137 
Section 8.2.8, “Deciding How to Link the New Domain,” on page 137 

Section 8.2.9, “Selecting the Domain Language,” on page 138 

Section 8.2.10, “Selecting the Domain Time Zone,” on page 138 


After you have completed the tasks and filled out the “New Domain Summary Sheet” on page 142, 
you are ready to continue with Section 8.3, “Setting Up the New Domain,” on page 138. 
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8.2.1 


8.2.2 


Determining When to Add a New Domain 


How do you know when you should add a domain? The answer to this depends on your 
administration policies and on physical and logical network organization. 


Although a single domain can contain as many post offices and users as you want to add, there are 
some conditions that indicate the need for a new domain: 


+ Administrative Convenience: To spread out the administrative workload, you can create one or 
more new domains with their own administrators. Each new domain can be managed by a 
different administrator as long as each administrator has sufficient rights to connect to it and 
write to the domain database. 


+ Remote Sites: If communication between servers is slow, or if you have remote sites, you can 
add a new domain to minimize mail traffic between the servers. For example, if you have 
locations in three separate cities, you might have an organization that represents each location. 
You could then create a domain in each organization. You could administer all of the domains 
from one location or you could assign a different administrator for each one. 


+ Demand on the MTA: Each domain has its own MTA that routes messages between post offices 
within its domain. If your current domain has many post offices that are placing a heavy 
workload on the MTA, you might want to create another domain to handle additional post 
offices. 


+ Multiple eDirectory Trees: All of the objects that are logically subordinate to a GroupWise 
domain must be in the same Novell eDirectory tree as the domain. If you have users in other 
eDirectory trees that need GroupWise accounts, you must create secondary domains and post 
offices in each tree. 


For additional guidance, visit the GroupWise Best Practices Wiki (http://wiki.novell.com/index.php/ 
GroupWise). 


Deciding Who Will Administer the New Domain 


Any user who is an Admin eguivalent can administer GroupWise. The person who creates the new 
domain should be an Admin eguivalent user so that he or she has the necessary rights to create 
objects and directories. You can then assign a different user as a domain administrator and limit 
rights to other objects if necessary. For more information, see Chapter 87, “GroupWise Administrator 
Rights,” on page 1127. 


Depending upon the size, complexity, and layout of your eDirectory tree, you might choose a 
centralized administration model with one person administering both eDirectory and GroupWise, or 
you might choose a distributed administration model with the administration workload shared by 
two or more individuals. With a distributed administration model, each administrator obtains rights 
to the GroupWise objects and directory structures over which he or she has jurisdiction. If you want 
to restrict access to some network operations or to certain domains, you can limit access rights to 
domains the user should not administer. 


The user assigned as the domain administrator must be able to create or modify objects in the domain 
and will receive an email message whenever an agent encounters a problem. You can designate 
yourself, one or more other users, or a distribution list as an administrator. 


NEW DOMAIN SUMMARY SHEET 


Under Domain Administrator, enter the ID ofthe user or distribution list that will administer this domain. 
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8.2.3 


8.2.4 


Planning Post Offices in the New Domain 


Before adding the new domain, you should plan the post offices that you want to belong to the 
domain. Review Section 11.2, “Planning a New Post Office,” on page 174 as part of planning your 
new domain. 


Determining the Context for the Domain Object 


When deciding where to place the new Domain object in the eDirectory tree, you should consider 
how you can most easily administer GroupWise and how the domain and its associated post offices 
fit into the logical organization of your eDirectory tree. 


Domains and their associated objects, including Post Offices, Users, Resources, and Distribution 
Lists, must be located in the same eDirectory tree. If you have multiple trees, you must create a 
separate domain in each tree. The domains can all belong to the same GroupWise system, even 
though they are located in different trees. 


You can place the domain in any Organization or Organizational Unit container in any context in an 
eDirectory tree. The following sections provide some examples of how domains can be placed in the 
eDirectory tree: 


+ “GroupWise Objects Reflect Physical Locations” on page 134 

+ “GroupWise Objects Reflect Company Organization” on page 135 

+ “GroupWise Objects Are Grouped with Servers” on page 135 

+ “GroupWise Objects Are Located in a Separate GroupWise Container” on page 135 


NEW DOMAIN SUMMARY SHEET 


Under Tree Name, specify the name of the eDirectory tree where you plan to create the new domain. 


Under eDirectory Container, specify the name of the eDirectory container where you plan to create the 
new domain. 


GroupWise Objects Reflect Physical Locations 


The GroupWise system below focuses on the physical layout of the company. Because most mail 
traffic is probably generated by users in the same location, the mail traffic across the WAN is 
minimized. An organizational unit is created for each site. A domain is created under each 
organizational unit, corresponding to the city. The sites can be administered centrally or at each site. 
Administrator rights can be assigned at the domain level. 


=|, Corporate 
=)-"8 Los Angeles 
H- LA-Dom1 
ra LA-PO1-1 
5-7 New York 
&-@R NY-P01-1 
H-E NY-Dom1 
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GroupWise Objects Reflect Company Organization 


The following GroupWise system focuses on departmental organization, as does the eDirectory tree. 
GroupWise domains and post offices parallel eDirectory organizational units, placing the domains 
and post offices within the organizational units containing the users that belong to them. 


a- Corporate 

=)-78 Accounting 
@ Acct-Dom 
QA Acct-P01 
Development 
@ Dev-Dom 
QÀ Dev-PO1 
H-E Manufacturing 
H-8 Sales 


Ly 
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GroupWise Objects Are Grouped with Servers 


Because domains and post offices have directory structures on network servers, you could also 
choose to place the Domain and Post Office objects in the same context as the servers where the 
directories reside, as shown in the following example. 


3- Corporate 

°8 Accounting 

8 Development 

E Manufacturing 

E Sales 

E Servers 

4) Acct-Dom 

+ QA Acct-P01 

@ Dev-Dom 
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GroupWise Objects Are Located in a Separate GroupWise Container 


Domains and post offices can also be created in their own organizational unit. Administratively, this 
approach makes it easier to restrict a GroupWise administrator's object and property rights to 
GroupWise objects only. For information about GroupWise Administrator rights, see Section 8.2.2, 
“Deciding Who Will Administer the New Domain,” on page 133. 
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8.2.5 


8.2.6 


The GroupWise View in ConsoleOne 


Regardless of where you choose to place Domain objects in the eDirectory tree, you can get a 
consolidated view of your GroupWise system using the GroupWise View in ConsoleOne. For 
instructions, see Chapter 3, “GroupWise View,” on page 61. 


Choosing the Domain Name 


The domain reguires a unigue name. The name is used as the Domain object's name in eDirectory. It 
is also used for addressing and routing purposes in your GroupWise system, and might appear in the 
GroupWise Address Book. 


The domain name can reflect a location, company name or branch name, or some other element that 
makes sense for your organization. For example, you might want the domain name to be the location 
(for example, Provo) while the post office name is one of the company's departments (for example, 
Research). Name the new domain carefully. After it is created, the name cannot be changed. 


The domain name should consist of a single string. Use underscores (_) rather than spaces as 
separators between words to facilitate addressing across the Internet. 


Do not use any of the following invalid characters in the domain name: 


ASCII characters 0-31 Comma, 

Asterisk * Double guote “ 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses () 

Braces {} Period. 

Colon: Slash / 


NEW DOMAIN SUMMARY SHEET 


Under Domain Name, specify the domain name. 


Under Domain Description, provide a description for the new domain. 


Deciding Where to Create the Domain Directory 


Logically, the Domain object resides in eDirectory and is administered through ConsoleOne. 
Physically, the domain has a directory structure for databases, message queues, and other files. The 
domain directory structure can be created on any of the supported platforms listed in “GroupWise 
Administration Requirements” in the GroupWise 2012 Installation Guide. The server where you create 
the domain directory structure can be in the same tree as the Domain object or in another tree. 


Many different configurations are possible. When deciding where to create the domain directory, you 
should consider the following. 


+ Domain Directory Space Reguirements: The domain directory is not a large consumer of disk 
space. For guidance on domain directory space reguirements, visit the GroupWise Best Practices 
Wiki (http://wiki.novell.com/index.php/GroupWise). 
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+ Access by the MTA: For best performance, the MTA should be installed on the same server as 
the domain directory. This is reguired on Linux. Remote installation is possible on Windows, but 
not recommended. 


¢ Security from User Access: Users never need access to the domain directory so you should 
create itin a location you can easily secure; otherwise, you could have files inadvertently moved 
or deleted. 


Choose an empty directory for the new domain. If you want, the directory can reflect the name of the 
domain, for example, Provo1 for one of several domains located in Provo. Use the following 
platform-specific conventions: 


Linux: Use only lowercase characters. 
Windows: No limitations. 
Choose the name and path carefully. After the domain directory is created, it is difficult to rename it. 


If the directory you specify does not exist, it can be created when you create the domain. If you create 
the directory in advance, it is easy to browse to it as you create the domain. 


IMPORTANT: Do not create the domain directory under another domain or post office directory. 


NEW DOMAIN SUMMARY SHEET 


Under Domain Database Location, enter the full path for the domain directory. 


8.2.7 Deciding Where to Install the Agent Software 


You must run a new instance of the MTA for each new domain. To review the functions of the MTA 
for the domain, see Section 41.4, “Role of the Message Transfer Agent,” on page 624. For complete 
installation instructions and system requirements, see “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 


You can install the MTA on Linux or Windows. You should install it on the same server where you 
plan to create the domain directory structure. 
NEW DOMAIN SUMMARY SHEET 


Under Agent Platform, enter the platform of the server where the MTA will run (Linux or Windows). 


8.2.8 Deciding How to Link the New Domain 


Domain links tell the MTAs how to route messages between domains. Properly configured links 
optimize message flow throughout your GroupWise system. For a review of link types, see 
Section 10.1.1, “Domain-to-Domain Links,” on page 155. 


When you create the new domain, you link it to one existing domain. By default, this link is a direct 
link using TCP/IP as the link protocol, which means the new domain’s MTA communicates with the 
existing domain's MTA through TCP/IP. This is the recommended configuration, and is required on 
Linux. 
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On Windows, you can configure the direct link to use a UNC path or a mapped drive as the link 
protocol, which means the new domain's MTA transfers information to and from the existing domain 
by accessing the existing domain’s directory, rather than by communicating with the other domain’s 
MTA. 

NEW DOMAIN SUMMARY SHEET 


Under Link to Domain, specify the existing domain that you want to link the new domain to, then specify the link 
protocol (TCP/IP or UNC path). 


After you create the new domain, you can configure links to additional domains as needed. See 
Section 10.2, “Using the Link Configuration Tool,” on page 161. 


Selecting the Domain Language 


The domain language determines the default sort order for items in the Group Wise Address Book for 
users in post offices that belong to the domain. For more information, see Section 11.2.8, “Selecting 
the Post Office Language,” on page 179. 

NEW DOMAIN SUMMARY SHEET 


Under Domain Language, specify the domain language. 


Selecting the Domain Time Zone 


When a message is sent from a user in one time zone to a user in another time zone, GroupWise 
adjusts the message's time so that it is correct for the recipient's time zone. For example, if a userin 
New York (GMT -05:00, Eastern Time) schedules a user in Los Angeles (GMT -08:00, Pacific Time) for 
a conference call at 4:00 p.m. Eastern Time, the appointment is scheduled in the Los Angeles user's 
calendar at 1:00 p.m. Pacific Time. 


The domain time zone becomes the default time zone for each post office in the domain. 


NEW DOMAIN SUMMARY SHEET 


Under Domain Time Zone, enter the time zone. 


Setting Up the New Domain 


You should have already reviewed Section 8.2, “Planning a New Domain,” on page 132 and filled out 
the New Domain Summary Sheet. Complete the following tasks to create the new domain: 

+ Section 8.3.1, “Creating the New Domain,” on page 139 

+ Section 8.3.2, “Configuring the MTA for the New Domain,” on page 141 

+ Section 8.3.3, “Installing and Starting the New MTA,” on page 141 
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8.3.1 Creating the New Domain 


1 Make sure you are logged in to the tree where you want to create the domain (Tree Name on the 
New Domain Summary Sheet). 


2 (Conditional) If you are creating the domain on a different machine from where you are running 
ConsoleOne, make sure that ConsoleOne has write access to the location where you want to 
create the domain. 


Linux: Mount the file system where you want to create the new domain. For assistance, see 
Section 2.1, “ConsoleOne on Linux,” on page 39. 


Windows: Map a drive to the location where you want to create the new domain. 


3 In ConsoleOne, click Tools > GroupWise Utilities > Check eDirectory Schema to make sure that the 
tree’s schema has been extended to accommodate GroupWise objects. 


4 Connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


5 Browse to and right-click the eDirectory container where you want to create the domain 
(eDirectory Container on the New Domain Summary Sheet), then click New > Object. 


New Object 


Create object in: 
2 CORP. TREE/GroupWise 


Class: 


& GroupWise Distribution List 
4 GroupWWise Domain 

[Q) GroupWise External Entity 
ol GroupWise Library 

Cla GroupWise Post Office 

OD GroupWise Resource 

ER httpServer 

<>: 


6 Double-click GroupWise Domain, then fill in the fields in the Create GroupWise Domain dialog 
box from your New Domain Summary Sheet. 


Create GroupWise Domain 


Domain Database Location: Cancel 
Help 


Language: 

English - US 

Time Zone: 

(GMT-05:00) Eastern Time (US 8 Canada) 


Message Transfer Agent Platform: 
Linux 


Link To Domain: 
Provoi 


IV Configure link 


T Define additional properties 
T Create another domain 


Domain Name 

Domain Database Location 
Domain Language 
Domain Time Zone 

Link to Domain 
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7 Make sure the Configure Links and Define Additional Properties options are selected, then click OK 
to display the Link Configuration Wizard. 


Link Configuration Wizard 


MTA Link 


The Message Transfer Agent (MTA) can link to the other domain through 
a TCPAP connection to the other domain's MTA or a direct connection to 
the other domain's directory. 


Novell. 


How do you want the MTA to link tothe other domain? 
© Direct link 


© TCPAP link 


Cancel Fi Hee | 


8 Follow the on-screen instructions to define how the new domain links to the existing domain, 
listed in the Link to Domain field. When you have finished defining the link, ConsoleOne creates 
the Domain object and displays the domain Identification page. 


Properties of Provo1 


GroupWise + || NDS Rights + | Other | Rights to Files and Folders 


Domain: 


Description: 


UNC Path; JBD-GWimaillgwsystemiprovol 


Language: English - US 


Domain Type: Primary 


Time Zone: {GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


Administrator: 


View Client Options 


9 Fillinthe fields that have not been filled in for you from your New Domain Summary Sheet: 


Domain Description 
Domain Administrator 


10 Click OK to save the domain information. 
11 Continue with Configuring the MTA for the New Domain. 
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8.3.2 Configuring the MTA for the New Domain 


Although there are many MTA settings, the default settings are sufficient to get your domain 
operational. However, there are a few important settings that you can conveniently modify before 
you install the agent software. 


1 In ConsoleOne, double-click the new Domain object. 
2 Right-click the MTA object, then click Properties to display the MTA Identification page. 


Domain: Provo3 
Distinguished Name: MTA Provo3.GroupWise 
Name: MTA 


Agent Type: Message Transfer 


Description: poe Message Transfer Agent 


Platform: [Linux 


Page Options... 


3 Specify a description for the MTA. 
This description displays on the MTA agent console as the MTA runs. 


4 Select the platform where the MTA will run (Agent Platform on the New Domain Summary 
Sheet). 


5 (Conditional) If you have multiple domains in your GroupWise system and want to use TCP/IP 
to link to the other domains (Link to Domain on the New Domain Summary Sheet), follow the 
instructions in “Using TCP/IP Links between Domains” on page 632. 


6 (Conditional) If you have created the domain in a clustered environment, follow the instructions 
in the appropriate section of the GroupWise 2012 Interoperability Guide. 


7 To ensure that user information in the new domain stays synchronized with user information in 
eDirectory, follow the instructions in Section 42.4.1, “Using eDirectory User Synchronization,” 
on page 652. 


8 Formore MTA configuration options, see Section 9.7, “Changing the MTA Configuration to 
Meet Domain Needs,” on page 154. 


9 Click OK to save the MTA configuration information. 
10 Continue with Installing and Starting the New MTA 


8.3.3 Installing and Starting the New MTA 


1 Install and start the MTA for the new domain on the server where you created the domain 
directory structure. 
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For instructions, see “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 
2 Continue with What's Next. 


8.4 What's Next 


After you have added the new domain and started its MTA, you are ready to continue to expand and 
enhance your GroupWise system by: 


+ Configuring the Address Book for the new domain. 


See “GroupWise Address Book” on page 105. 
+ Adding post offices to the new domain. 
See “Post Offices” on page 171. 
+ Configuring the MTA for optimal performance. 
See “Message Transfer Agent” on page 619. 
+ Connecting domains and GroupWise systems across the Internet using the GWIA. 
See “Internet Agent” on page 741. 
¢ Setting up GroupWise Monitor to monitor the GroupWise agents. 


See “Monitor” on page 939. 


8.5 New Domain Summary Sheet 


Field Value for Your Explanation 
GroupWise System 


Tree Name: Section 8.2.4, “Determining the 
Context for the Domain Object,” on 
page 134 

eDirectory Section 8.2.4, “Determining the 

Container: Context for the Domain Object,” on 
page 134 

Domain Name: Section 8.2.5, “Choosing the 


Domain Name,” on page 136 


Domain Database Section 8.2.6, “Deciding Where to 

Location: Create the Domain Directory,” on 
page 136 

Domain Language: Section 8.2.9, “Selecting the 


Domain Language,” on page 138 


Domain Time Zone: Section 8.2.10, “Selecting the 
Domain Time Zone,” on page 138 
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Field Value for Your 
GroupWise System 


Link to Domain: 
Link Protocol: 
+ TCP/IP 
Address: 


Port: 
+ UNC path 


Domain 
Description: 


Domain 
Administrator: 


Agent Platform: 


* Linux MTA 
+ Windows MTA 


Explanation 


Section 8.2.8, “Deciding How to 
Link the New Domain,” on page 137 


Section 8.2.5, “Choosing the 
Domain Name,” on page 136 


Section 8.2.2, “Deciding Who Will 
Administer the New Domain,” on 
page 133 


Section 8.2.7, “Deciding Where to 
Install the Agent Software,” on 
page 137 
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9.1 


Managing Domains 


As your GroupWise system grows and evolves, you might need to perform the following 
maintenance activities on domains: 

+ Section 9.1, “Connecting to a Domain,” on page 145 

+ Section 9.2, “Editing Domain Properties,” on page 146 

+ Section 9.3, “Converting a Secondary Domain to a Primary Domain,” on page 150 


+ Section 9.4, “Replacing the Primary Domain Database with a Secondary Domain Database,” on 
page 151 


+ Section 9.5, “Moving a Domain,” on page 152 
+ Section 9.6, “Deleting a Domain,” on page 153 
+ Section 9.7, “Changing the MTA Configuration to Meet Domain Needs,” on page 154 


See also Chapter 26, “Maintaining Domain and Post Office Databases,” on page 401. 


Connecting to a Domain 


Whenever you change domain information, itis efficient to connect directly to the domain before you 
begin making modifications. This enables ConsoleOne to write directly to the domain database 
(wpdomain . db). Performing administrative tasks in a domain while not connected to it increases the 
amount of administrative message traffic sent between domains. 


IMPORTANT: In a large GroupWise system, especially where some domains are on Linux servers 
and some domains are on Windows servers, and where you might be running ConsoleOne on a 
different platform from where the domain directory is located, a direct connection might not be 
convenient. Although they are efficient, direct connections are not reguired for most GroupWise 
administration tasks. For more information, see Section 4.1.2, “Understanding the Need for Domain 
Connections,” on page 71. 


To change your domain connection: 


1 In ConsoleOne in the GroupWise View, right-click the Domain object, then click Connect. 


The GroupWise View identifies the domain to which you are connected by adding a plug 
symbol to the domain icon. 


— E 
=) Provot 
Qa Manufacturing 


QÀ RandD 


E-S Provo2 
“a Accounting 


JÀ Sales 
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The domain marked with the red underscore is the primary domain. 
Or 


In the Console View, click Tools > GroupWise System Operations, click Select Domain, browse to and 
select the domain directory, then click OK. 


Under certain circumstances, this connection method is reguired. See Section 4.1, “Select 
Domain,” on page 69. 


9.2 Editing Domain Properties 


After creating a domain, you can change some domain properties. Other domain properties cannot 
be changed. 


1 In ConsoleOne, browse to and right-click a Domain object, then click Properties to display the 
domain Identification page. 


Properties of Provo1 
NDS Rights v | Other | Rights to Files and Folders 


Domain: 


Description: 


UNC Path; \WIBD-GW'\mail\qwsystem\pravot 


Language; English - US 


Domain Type: Primary 


Time Zone: {GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


Administrator: 


View Client Options 


2 Change editable fields as needed. 


For information about individual fields, see Section 8.2, “Planning a New Domain,” on page 132 
or use online help when editing the domain information. 
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3 Click GroupWise > Post Offices to display the Post Offices page. 


Properties of Provo2 


‘oupWise + || NDS Rights + | Other | Rights to Files and Folders | 


GroupWise Post Offices: 


Page Options... 


All post offices in the domain are listed, no matter where their Novell eDirectory objects are 
placed in the tree. This is a convenient place to delete post offices from the domain. 


4 Click GroupWise > Address Book to display the Address Book page. 


Properties of Provo2 


|| NDS Rights + | Other | Rights to Files and Folders | 
Address Book : 


Sort address book by: First Name, Last Name fa 


Address Book Fields: Available Fields: 
(Given Name (required) Account ID 

Last Name (reguired) 
Phone Description 


‘Object ID Distinguished Name 
Post Office Name Middle Initial 


Domain Name Kl Personal Title 
Department Qualifier 

Title 
Network ID 
File ID 

Fax 


Company 


| 


Ei 


Edit Labe! Map Additional Fields 


*Administrator-defined field 
[T Do Not Display User Comments 


Page Options... 


5 Use this page to configure the Address Book to control how it appears to GroupWise client users 
in all post offices in the domain. See Section 6.1, “Customizing Address Book Fields,” on 
page 105 for more information. 


Managing Domains 147 


6 Click GroupWise > Addressing Rules to display the Addressing Rules page. 


Properties of Provo2 


DS Rights + | Other | Rights to Files and Folders 


Addressing rules used by this domain: 


Page Options... 


This page lists all addressing rules that have been set up for the domain. Addressing rules are 
typically used with GroupWise gateways. 


NOTE: GroupWise gateways are legacy products and are not supported with the current 
GroupWise version. 


7 Click GroupWise > Internet Addressing to display the Internet Addressing page. 


Properties of Provo2 


NDS Rights + | Other | Rights to Files and Folders 


Preferred Address format: 
l @intemet domain nam 
Defined at: Corporate Mail 
Allowed Address Formats 

F 


Defined at: Corporate Mail 


Internet domain name: 
rate 7 


Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTPMIME messages: 


Defined at: Corporate Mail 


Alternate Internet Agent for outbound SMTPMIME messages: 
<None> z 


Page Options... 


Use this page to override any Internet addressing settings established at the system level. See 
Section 52, “Configuring Internet Addressing,” on page 743 for more information. 


8 Click GroupWise > Default WebAccess to display the Default WebAccess page. 
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NOTE: This page applies only to domains that have not yet been updated to GroupWise 2012. 
GroupWise 2012 does not include the WebAccess Agent. 


Properties of Provo2 


i GroupWise 
[Pera EHE Os 


Override Default WebAccess Gateway: 
x || 


Page Options... M Cancel | 


Use this page to designate the default WebAccess Agent (gateway) for the legacy domain. 
9 Click GroupWise > Admin Lockout Settings. 


Properties of Provo2 
Adin Lockout Setting 


Override 
E ja 
Defined at: Corporate Mail 


Minimum Snapin Release Version (x.x.x) 


Not Defined 


Minimum Snapin Release Date 


Not Defined 


Page Options... 


Use this page to control the version of the GroupWise Administrator snap-ins to ConsoleOne 
that is allowed to access GroupWise databases. See Section 4.2.6, “Admin Lockout Settings,” on 
page 76 for more information. 


10 Click OK to save the new domain settings. 
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9.3 Converting a Secondary Domain to a Primary Domain 


You can change which domain is primary if it becomes more convenient to administer the primary 
domain from a different location. You can, however, have only one primary domain at a time. When 
you convert a secondary domain to primary, the old primary domain becomes a secondary domain. 


To convert a secondary domain to primary: 


1 In ConsoleOne, connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


2 Make sure there are no pending operations for the primary domain, as described in Section 4.5, 
“Pending Operations,” on page 80. 


3 Browseto and select the secondary domain you want to convert. 


4. Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Validate Database 

C Recover Database 

© Rebuild Database 

© Reclaim Unused Space 

C Rebuild Indexes for Listing 
0 


© Sync Primary with Secondary 


C Release Secondary 
c 


Cc 


Description: 
Convert to primary promotes a secondary domain to 
primary. The existing primary domain for the system 
becomes a secondary domain. 


5 Click Convert Secondary to Primary. 
6 Specify the path to the secondary domain database, then click OK. 


The GroupWise View in ConsoleOne displays the primary domain with a red underscore. 


o| 


© GroupvWise System 
@ Provot 


QA Manufacturing 


QÀ RandD 


2} Provo2 
QA Accounting 


JÀ Sales 


{i} 


o; 
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9.4 


Replacing the Primary Domain Database with a Secondary 


Domain Database 


If the primary domain database (wpdomain . db) has become so damaged that it cannot be rebuilt, and 


if you do not have a current backup ofit, you can replace the primary domain database with the 
contents of a secondary domain database. You should only do this if you are confident that the 
secondary domain database is completely synchronized with current GroupWise domain 
information. 


To replace the primary domain database with the contents of a secondary domain database: 


1 Make sure you have full administrative rights to the primary domain database directory. 
2 Stop the MTA for the primary domain. 
3 In ConsoleOne, connect to the secondary domain where the current database is located. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


4 Browse to and select the Domain object for the secondary domain. 


5 Click Tools > GroupWise Utilities > System Maintenance. 


(7 Replace Primary with Secondary 


Description: 
Replace primary with secondary allows a lost primary 
database to be recovered using the information in the 
secondary domain. 


6 Click Replace Primary with Secondary > Run. 


7 When prompted, make sure the Path to Database field displays the path to the primary domain. 


8 (Conditional) If an incorrect path is displayed, browse to and select the path to the primary 
domain database, then click OK. 


ConsoleOne then updates the primary domain database with the current contents of the selected 


secondary domain database. 


9 When the primary domain database has been replaced, restart the MTA for the primary domain. 
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9.5 Moving a Domain 


You cannot use ConsoleOne to move a Domain object to a different location in the eDirectory tree 
because it is a container object. Only leaf objects can be moved. If you need to change the context, 
graft the Group Wise domain to its corresponding eDirectory object in the new container location. See 
Section 5.15, “GW / eDirectory Association,” on page 99 for more information about grafting objects. 


You can, however, move the domain directory and the domain database (wpdomain.db) by copying 
the domain directory structure and all its contents to the new location. 


IMPORTANT: These instructions are for moving the domain from one location to another on the 
same platform. If you want to move a domain from a Windows server to a Linux server, follow the 
instructions in the GroupWise Server Migration Guide. 


1 


Back up the domain, as described in Chapter 31, “Backing Up GroupWise Databases,” on 
page 431. 


In ConsoleOne, browse to and right-click the domain to move, then click Properties to display the 
domain Identification page. 


In the UNC Path field, change the path to the location where you want to move the domain, then 
click OK to save the new location. 


The format of the path in the UNC Path field depends on whether you are running Linux 
ConsoleOne or Windows ConsoleOne, and on whether the domain is on Linux or Windows. 
Retain the original format of the path in your modified version of the location. 


The location change is propagated throughout your GroupWise system. 


Stop the MTA, and if applicable, other agents (Internet Agent and Monitor Agent) that are 
running for the domain. 


(Conditional) On Linux: 
5a In a terminal window, log in as root, then provide the root password. 


5b Use cp to copy the domain directory and database to the new location: 


cp -r domain directory destination 


(Conditional) On Windows: 
6a Use xcopy with the /s and /e options to copy the domain directory and database to the 
new location: 


xcopy domain directory /s /e destination 
These options re-create the same directory structure even if directories are empty. 
6b Give rights to all objects that need to access the domain database. 


For example, if the new location is on a different server, the Windows MTA and GroupWise 
administrators who run ConsoleOne need adequate rights to the new location, as described 
in Chapter 87, “GroupWise Administrator Rights,” on page 1127. 


Edit the MTA and other agent startup files to reflect the changes, then restart the MTA and other 
agents. 


See Section 42.1.7, “Adjusting the MTA for a New Location of a Domain or Post Office,” on 
page 640. 


When you are sure the domain is functioning properly in its new location, delete the original 
domain directory and its contents. 
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If you need to move the MTA along with its domain, see Section 42.1.6, “Moving the MTA toa 
Different Server,” on page 640. 


Deleting a Domain 


You can delete a domain only when it no longer owns subordinate GroupWise objects. For example, 
you cannot delete the primary domain of your GroupWise system if it still owns secondary domains. 
You cannot delete a secondary domain if it still owns post offices. However, MTA and Gateway 
objects are automatically deleted along with the Domain object. Keep the MTA running until after 
you have deleted the domain, so that it can process the object deletion reguests. 


1 In ConsoleOne, connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


2 Browse to and right-click the Domain object you want to delete, then click Properties to display 
the domain Identification page. 


Properties of Provo1 


roupWise + || NDS Rights | Other | Rights to Files and Folders 
Identification 


Domain: Provo1 


Description: 


UNC Path: \\IBD-GWi\mail\gwsystem|provol 


Language: English - US 


Domain Type: Primary 
Time Zone: (GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


Administrator: 


View Client Options 


3 Verify that the current directory path displayed on the domain Identification page is correct. 
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4 Click Post Offices, then move or delete any post offices that belong to this domain, as described in 
Section 12.10, “Moving a Post Office,” on page 212 and Section 12.11, “Deleting a Post Office,” 
on page 214. 


Properties of Provo2 


|| NDS rights + | Other | Rights to Files and Folders 


GroupVVise Post Offices: 


Sales .GroupVvise 
(Support .GroupWise 


Page Options... | Cancel | 


5 Right-click the Domain object, then click Delete to delete the Domain object from eDirectory. 
6 When prompted, click Yes to delete the corresponding domain directory structure. 


7 Stop the MTA for the domain, as described in the following sections in the GroupWise 2012 
Installation Guide: 


+ “Stopping the Linux GroupWise Agents” 
+ “Stopping the Windows GroupWise Agents” 


8 Uninstall the MTA software if applicable, as described in the following sections in the GroupWise 
2012 Installation Guide: 


¢ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


9.7 Changing the MTA Configuration to Meet Domain Needs 


Because the MTA transfers messages between domains and between post offices in the same domain, 
it affects the domain itself, local users in post offices belonging to the domain, and users who 
exchanges messages with local users in the domain. Proper MTA configuration is essential for a 
smoothly running GroupWise system. Complete details about the MTA are provided in Part X, 
“Message Transfer Agent,” on page 619. As you create and manage domains, you should keep in 
mind the following aspects of MTA configuration: 

+ Section 42.2.1, “Restricting Message Size between Domains,” on page 642 

+ Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” on page 643 

+ Section 42.3.2, “Scheduling Direct Domain Links,” on page 647 


+ Section 44.1, “Optimizing TCP/IP Links,” on page 685 
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10.1 


10.1.1 


Managing the Links between Domains 
and Post Offices 


When you create a new secondary domain in your GroupWise system or a new post office ina 
domain, you configure one direct link to connect the new domain or post office to a domain in your 
GroupWise system. For simple configurations, this initial link might be adeguate. For more complex 
configurations, you must modify link types and protocols to achieve optimum message flow 
throughout your GroupWise system. 


The following topics help you manage links between domains and post offices: 


+ Section 10.1, “Understanding Link Configuration,” on page 155 
+ Section 10.2, “Using the Link Configuration Tool,” on page 161 
+ Section 10.3, “Interpreting Link Symbols,” on page 168 

+ Section 10.4, “Modifying Links,” on page 169 


Understanding Link Configuration 


In GroupWise, a link is defined as the information required to route messages between domains, post 
offices, and gateways in a GroupWise system. Initial links are created when domains, post offices, 
and gateways are created. The following topics help you understand link configuration: 

¢ Section 10.1.1, “Domain-to-Domain Links,” on page 155 

+ Section 10.1.2, “Domain-to-Post-Office Links,” on page 158 

+ Section 10.1.3, “Link Protocols for Direct Links,” on page 159 


Domain-to-Domain Links 


The primary role of the MTA is to route messages from one domain to another. Domain links tell the 
MTA how to route messages between domains. Domain links are stored in the domain database 
(wpdomain.db). There are three types of links between source and destination domains: 

¢ “Direct Links” on page 156 

+ “Indirect Links” on page 156 

+ “Gateway Links” on page 158 
As an alternative to configuring individual links between individual domains throughout your 


GroupWise system, you can establish a system of one or more routing domains. See Section 42.3.1, 
“Using Routing Domains,” on page 645. 
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Direct Links 


In a direct link between domains, the source domain’s MTA communicates directly with the 
destination domain’s MTA. If it is using a TCP/IP link, the source domain MTA communicates 
messages to the destination domain MTA by way of TCP/IP, which does not reguire disk access by 
the source MTA in the destination domain. This is the recommended configuration, and is the only 
option for domains on Linux. 


If a Windows domain is using a mapped or UNC link, the source domain MTA writes message files 
into the destination domain MTA input gueue, which does reguire disk access by the source MTA in 
the destination domain. For additional details about the configuration options for direct links, see 
Section 10.1.3, “Link Protocols for Direct Links,” on page 159. 


Domain A Domain B 
ey UNC Path ey 
Mapped Drive 
TCP/IP 


Direct links can be used between all domains. This is a very efficient configuration but might not be 
practical in a large system. 


Domain 1 


FRS 


Domain 5 Domain 2 


t 4 
a V 


Domain 4 =>" Domain 3 


Indirect Links 


In an indirect link between domains, the source domain's MTA routes messages through one or more 
intermediate MTAs in other domains to reach the destination domain's MTA. In other words, an 
indirect link is a series of two or more direct links. 


In large systems, direct links between each pair of domains might be impractical, so indirect links can 
be common. Properly configured links optimize message flow throughout your Group Wise system. 
A variety of indirect link configurations are possible, including: 

+ “Simple Indirect Links” on page 157 

+ “Star Configuration” on page 157 

+ “Two-Way Ring Configuration” on page 158 


+ “Combination Configuration” on page 158 
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Simple Indirect Links 


In simplest form, an indirect link can be used to pass messages between two domains that are not 
directly linked. 


Domain A 
UNC Path A ,*, NUNC Path 
Mapped Drive on MA Mapped Drive 
TCP/IP ,? Indirect S4 TCP/IP 
rg Link “a 
Domain B Domain C 
Star Configuration 


In a star configuration, one central domain is linked directly to all other domains in the system. All 
other domains are indirectly linked to each other through the central domain. 


Domain 2 
CA 


Domain 6 Il Domain 3 


SA sem? 


AN, 


Bd 5 & 4 


If you have more than ten domains, you might want to designate the central domain as a routing 
domain. The sole function of a routing domain is to transfer messages between other domains; it has 
no post offices of its own. See Section 42.3.1, “Using Routing Domains,” on page 645. 


The major drawback of the star configuration is that the central domain is a single point of failure. 
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10.1.2 


Two-Way Ring Configuration 


In a two-way ring configuration, each domain is directly linked to the next and previous domains in 
the ring and indirectly linked to all other domains in the system. 


Domain 1 


PS 


Domain 5 Domain 2 


a q 


—_. 
` ee 
Domain 4 ~ Domain 3 


An advantage of the two-way ring configuration is that it has no single point of failure. A 
disadvantage is that, depending on the size of the system, a message might go through several 
domains before arriving at its destination. A two-way ring works well in a system with five domains 
or less because transferring a message never requires more than two hops. 


Combination Configuration 


These three basic link configurations can be combined in any way to meet the needs of your 
GroupWise system. 


Gateway Links 


In a gateway link between domains, the sending domain’s MTA must route the message through a 
gateway to reach its destination. Gateways can be used to: 


¢ Link domains within your GroupWise system. See “Using Gateway Links between Domains” on 
page 636. 


¢ Link your GroupWise system to another GroupWise system through an external domain. See 
“Using Direct Links” in “Connecting to Other GroupWise Systems” in the GroupWise 2012 Multi- 
System Administration Guide 


For more information, see the GroupWise Gateways Documentation Web site (http:// 
www.novell.com/documentation/gwgateways). 


NOTE: Group Wise gateways are legacy products and are not supported with the current GroupWise 
version. 


You cannot locate a post office across a gateway link from its domain. 


Domain-to-Post-Office Links 


Between a domain and its post offices, all links must be direct links. There are no alternative link 
types between a domain and its post offices. 
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10.1.3 


Link Protocols for Direct Links 


The link protocol of a direct link between domains determines how the MTAs for the domains 
communicate with each other across the link. When you create a new domain, you must link it to an 
existing domain. This creates the initial domain-to-domain link. 


Between a domain and a post office, the link protocol determines how the MTA transfers messages to 
the post office. Messages do not flow directly from one post office to another within a domain. 
Instead, they are routed through the domain. When you create a new post office, you must specify 
which domain it belongs to. This creates the initial domain-to-post-office link. 


There are three link protocols for direct links between domains and between a domain and its post 
offices: 


+ “TCP/IP Links” on page 159 
+ “Mapped Links” on page 159 
+ “UNC Links” on page 160 


NOTE: On Linux, TCP/IP links are required. On Windows, they are recommended. 


TCP/IP Links 


+ “Domain-to-Domain TCP/IP Links” on page 159 
+ “Domain-to-Post-Office TCP/IP Links” on page 159 


Domain-to-Domain TCP/IP Links 


Ina TCP/IP link between domains, the source MTA and the destination MTA communicate by way of 
TCP/IP rather than by writing message files into queue directories. The source MTA establishes a 
TCP/IP link with the destination MTA and transmits whatever messages need to go to that domain. 
The destination MTA receives the messages and routes them on to local post offices or to other 
domains as needed. During the process, message files are created in the gwinprog directory for 
backup purposes and are deleted when the TCP/IP communication process is completed. 


Domain-to-Post-Office TCP/IP Links 


In a TCP/IP link between a domain and a post office, you must configure both the POA and the MTA 
for TCP/IP. The source MTA establishes a TCP/IP link with the destination POA and transmits 
whatever messages need to go to that post office. The destination POA receives the messages and 
delivers them into mailboxes in the post office. During this process, message files are created in the 
POA input queue for backup purposes and are deleted when delivery is completed. 


Mapped Links 
Mapped links apply only to domains on Windows servers. 
¢ “Domain-to-Domain Mapped Links” on page 159 
+ “Domain-to-Post-Office Mapped Links” on page 160 
Domain-to-Domain Mapped Links 


In a mapped link between domains, the location of the destination domain is specified in the 
following format: 
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drive:\domain directory 
The source MTA writes message files into its output gueue at the following location: 
drive:\domain directory\wpcsin 


The files are sent as input for the destination domain's MTA. Because drive mappings are 
changeable, you can move the domain directory structure, map its new location to the original drive 
letter, and the domain-to-domain link is still intact. 


Domain-to-Post-Office Mapped Links 


In a mapped link between a domain and a post office, the location of the post office is specified in the 
following format: 


drive:\post office directory 
The MTA writes message files into its output queue at the following location: 


drive:\post office directory\wpcsout 


The files are sent as input for the post office's POA. Because drive mappings are changeable, you can 
move the post office directory structure, map its new location to the original drive letter, and the 
domain-to-post-office link is still intact. 


UNC Links 


UNC links apply only to domains on Windows servers. 


+ “Domain-to-Domain UNC Links” on page 160 
+ “Domain-to-Post-Office UNC Links” on page 160 


Domain-to-Domain UNC Links 


In a UNC link between domains, the location of the destination domain is specified in the following 
format: 


\\server\volume\domain directory 
The source MTA writes message files into its output gueue at the following location: 
\\server\volume\domain directory\wpcsin 


The files are sent as input for the destination domain's MTA. Because UNC paths represent absolute 
locations on your network, if you move the domain to a new location, you need to edit the link to 
match. 


Domain-to-Post-Office UNC Links 


In a UNC link between a domain and a post office, the location of the post office is specified in the 
following format: 


\\server\volume\post office directory 
The MTA writes message files into its output queue at the following location: 
\\server\volume\post office directory\wpcsout 


The files are sent as input for the post office's POA. Because UNC paths represent absolute locations 
in your network, if you move the post office to a new location, you need to edit the link to match. 
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10.2 Using the Link Configuration Tool 


10.2.1 


The Link Configuration tool helps you manage the links between the domains and post offices in 
your GroupWise system. The following topics help you perform basic link management tasks: 


+ 


+ 


+ 


+ 


+ 


Section 10.2.1, “Starting the Link Configuration Tool,” on page 161 

Section 10.2.2, “Editing a Domain Link,” on page 162 

Section 10.2.3, “Editing Multiple Domain Links,” on page 163 

Section 10.2.4, “Editing a Post Office Link,” on page 165 

Section 10.2.5, “Viewing the Path of an Indirect Link between Domains,” on page 165 
Section 10.2.6, “Viewing the Indirect Links Passing through a Domain,” on page 166 
Section 10.2.7, “Viewing the Gateway Links Passing through a Gateway,” on page 167 
Section 10.2.8, “Saving and Synchronizing Link Configuration Information,” on page 168 


Starting the Link Configuration Tool 


The Link Configuration tool is provided to help you change from default links to whatever link 


configuration best suits your GroupWise system. 


1 In ConsoleOne, select the Domain object whose links you want to modify. 


2 Click Tools > GroupWise Utilities > Link Configuration to display the Link Configuration Tool 


window. 


GroupWise Link Configuration Tool - K:\gwsystem\provo1 


File Edit Search View Window Help 


gs! KE 7| a | dk] [Provot (Primary) 


Domain: Provo1 


Outbound Links from Provo1 
rDirect Indirect 


* Provo2 °$ Provod (Provo2) 
% Provo3 


r Gateway 
% Internet (GMA) 


rUndefined 


rDirect 
% Provo2 
% Provos 


rindirect 
g Provo4 (Provo2) 


The most frequently used features of the Link Configuration tool are available on the toolbar: 


Button Menu Equivalent 


Al File > Open 
LE File > Save 
B| Edit > Undo 


E Help > Help 


Function 


Open a different domain database (wpdomain.db) to modify links in 


a different domain 


Save the current link configuration information to the domain 
database 


Undo your changes to the link configuration (since the last save) 


Display online Help for the Link Configuration tool 
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Button Menu Eguivalent Function 


ey Search > Find Search for a specified domain 

Ss Double-click object Display details of the selected object 

ESI View > Domain Links View domain links for the selected domain 
El View > Post Office Links View post office links for the selected domain 


3 Continue with a specific link management task: 
+ Section 10.2.2, “Editing a Domain Link,” on page 162 
+ Section 10.2.3, “Editing Multiple Domain Links,” on page 163 
+ Section 10.2.4, “Editing a Post Office Link,” on page 165 
Section 10.2.5, “Viewing the Path of an Indirect Link between Domains,” on page 165 


+ 


+ 


Section 10.2.6, “Viewing the Indirect Links Passing through a Domain,” on page 166 


+ 


Section 10.2.7, “Viewing the Gateway Links Passing through a Gateway,” on page 167 


10.2.2 Editing a Domain Link 


After starting the Link Configuration tool: 


1 Fromthe drop-down list, select the domain whose links you want to edit. 
2 Click View > Domain Links to display domain links. 
Outbound and inbound links for the selected domain are listed. 


GroupWise Link Configuration Tool - K:\gwsystem\provo1 Ce) 
File Edit Search View Window Help 


gs! KE 7| 2 | REl [Provot (Primary) 


Domain: Provo1 


Direct Indirect r Gateway Undefined 
k * Provo2 °$ Provo4 (Provo2) % Internet (GWA) 
% Provo3 


rDirect rindirect 
+ Provo2 g Provo4 (Provo2) 
% Provos 


3 Double-click a domain in the Outbound Links list to edit the link to that domain from the selected 
domain. 


Or 
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10.2.3 


Double-click a domain in the Inbound Links list to edit the link from that domain to the selected 
domain. 


Edit Domain Link 


Description: How Provol connects to Provo2 


Link Type: CE al Cancel 


Protocol: TCP/IP Y 


-— - Scheduling... 
IP Address: ljbd-gw.provo.novell.com : 7100 [ Seheduing.-. ] 


Override 


Maximum send message size: 0 8 MBytes 


Delay message size: [ 0 SI MBytes 


Transfer Pull Info... External Link Info... 


TIP: You can also open the Edit Domain Link dialog box by dragging a domain from one link 
type to another. 


4 Selectthe link type: 
+ “Direct Links” on page 156 
+ “Indirect Links” on page 156 
+ “Gateway Links” on page 158 
5 For a direct link, select the link protocol: 
+ “Mapped Links” on page 159 
+ “UNC Links” on page 160 
+ “TCP/IP Links” on page 159 
6 Provide the location of the domain in the format appropriate to the selected protocol. 
7 Click OK. 
8 Repeat Step 1 through Step 7 for whatever links you need to modify. 


As a time-saving measure, you can make a new domain’s links the same as an existing domain’s 
links. Click Edit > Default Links, then click the domain whose links you want to use as a pattern 
for the new domain. Select Outbound and/or Inbound as needed, then click OK. 


To look at the same link information from different points of view, you can start the Link 
Configuration tool multiple times to open multiple Link Configuration Tool windows. 


9 To exit the Link Configuration Tool and save your changes, click File > Exit > Yes. 


Editing Multiple Domain Links 


When your GroupWise system includes indirect links, it is not unusual for several domains to link to 
the same domain. As a time-saving measure, you can create links from multiple domains to the same 
domain in one operation. 
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After starting the Link Configuration tool: 
1 Click Edit > Multiple Link Edits. 


Multiple Link Edits - Outbound Links 


Domains to be linked: Indirect link through: Link to: 


Internet Internet Internet 
Provo1 Provo1 Provo1 
Provo2 Provo2 Provo2 
Provo3 Provo3 Provo3 
Provo4 Provo4 Provo4 


Cancel 


Help 


Select All Select All 


2 Inthe Domains to Be Linked column, select the source domains whose outgoing links you want to 
modify. 

3 In the Indirect Link Through column, select the intermediate domain through which you want the 
indirect links to pass. 


4 Inthe Link To column, select one or more destination domains. 
5 Click OK. 


6 Fillin the fields in the Edit Domain Link dialog box for each direct link between a source domain 
and the intermediate domain, as described in Section 10.2.2, “Editing a Domain Link,” on 
page 162, then click OK. 


Edit Domain Link 
Description: How Provol connects to Provo2 
Link Type: CE xj Come) 
Settings (Help | 


Protocol: TCP/IP Y | 
Se —, Scheduling... 
IP Address: |jpd-gw.provo.novell.com ; 7100 | CScheduing…] 


Override 


Maximum send message size: | 0 8 MBytes 


Delay message size: [ 0 [E MBytes 


Transfer Pull Info... External Link Info... 


The Edit Domain Link dialog box continues to appear until you have defined all the direct links 
between the source domains and the intermediate domain. 


IMPORTANT: After defining links from the source domains to the intermediate domain, make sure 
the links from the intermediate domain to other domains are set up the way you want them. 
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10.2.4 Editing a Post Office Link 


10.2.5 


After starting the Link Configuration tool: 


1 From the drop-down list, select the domain whose post office link you want to edit. 
2 Click View > Post Office Links to display post office links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


Post Office Links for Provo2 
Post Office Links for Provo2 


Post Office 


Sales jbd-win:1677,7101 


3 Double-click a post office to edit the link from the domain to the post office. 


KS Edit Post Office Link 


Post Office: Development OK 
Protocol: TCPAP m 


Cancel 


Post Office Agent: [POA 


+ 


= Help 
IP Address: ibd-gw.provo.novell.com : 7101 Zi 


Client/Server Port: {1677 


Maximum send message size: 0 + MBytes: 


4 Select the link protocol for the direct link. 
+ “Mapped Links” on page 159 
+ “UNC Links” on page 160 
+ “TCP/IP Links” on page 159 


5 Provide the location of the post office in the format appropriate to the selected protocol. 


6 For a TCP/IP link, provide the message transfer port number where you want the POA to listen 
for incoming messages from the MTA. 


The default message transfer port for the POA is 7101. 
7 Click OK. 


8 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


Viewing the Path of an Indirect Link between Domains 


The more hops between two indirectly linked domains, the longer it takes a message to travel 
between them. To make sure the number of hops between two indirectly linked domains is as small 
as possible, you can list the route a message would take from one domain to the other in ConsoleOne. 


After starting the Link Configuration tool: 


1 Select a domain from the drop-down list. 


2 Select a domain in the Indirect links list. 
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3 Click View > Link Path to see a list of the hops between the two domains. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 


File Edit Search View Window Help 


MM 2 SINS) SI] Poor omen J ISIC 


Link path: Provo1 --> Provo4 


Provo2 
Provo4 


You can also use GroupWise Monitor to trace the path a message would take between two domains 
See Section 71.3.1, “Link Trace Report,” on page 979. 


10.2.6 Viewing the Indirect Links Passing through a Domain 


If a domain serves as a hop in an indirect link, making changes to that domain could affect all indirect 


links passing through that domain. You can list all the indirect links that pass through a domain in 
ConsoleOne. 


After starting the Link Configuration tool: 
1 Click View > Link Hop to list all domains in your system. 


KE select GroupWise Object 
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2 Double-click a domain to list the indirect links passing through it. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 BEE 
File Edit Search View Window Help 


(69) LIL] 2] Q à R T [erovot (Primary) 


Hop Domain Name: Provo1 


Domain Hop Domain Name Dest Domain Name 


3 If you need to reroute a link, right-click the link, then click Edit to open the Edit Domain Link 
dialog box and make changes as needed. 


You can also use GroupWise Monitor to check the links passing through a selected domain. See 


Section 71.3.2, “Link Configuration Report,” on page 980. However, you cannot change link 
information using Monitor. 


10.2.7 Viewing the Gateway Links Passing through a Gateway 


Before making changes to a gateway, you can list all the links that pass through the gateway. 
After starting the Link Configuration tool: 


1 Click View > Gateway Hop to list all gateways in your system. 


K select Group Wise Object 


Domain Gateway 
Async 
GMA 
Exchange 
GWA 
Notes 


GMIA 
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2 Double-click a gateway to list the domains linked through that gateway. 


GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 
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Gateway Hop: GWIA BEE 


Domain Gateway Dest Domain Name 


GWA Internet | 


3 If you need to reroute a link, right-click the link, then click Edit to open the Edit Domain Link 
dialog box and make changes as needed. 


10.2.8 Saving and Synchronizing Link Configuration Information 


Whenever you modify link configuration information, a cautionary symbol (see Section 10.3.2, “Link 
Status Symbols,” on page 169) appears next to the modified link until you save the current link 
configuration by clicking Edit > Save. If you are making extensive changes to link configuration 
information, you should save regularly. When you save, the information is written out to the domain 
database (wpdomain .db) for the domain to which you are currently connected. You can change to a 
different domain database without exiting the Link Configuration tool by clicking File > Open. 


The MTA routinely synchronizes the information in the domain databases throughout your 
GroupWise system. If you are making extensive changes to link configuration information, you can 
synchronize the information immediately by clicking Edit > Synchronize. 


10.3 Interpreting Link Symbols 


As you modify links, you see symbols that represent the various link types. Along with the link type 
symbols, you sometimes see link status symbols. 


+ Section 10.3.1, “Link Type Symbols,” on page 168 
+ Section 10.3.2, “Link Status Symbols,” on page 169 


10.3.1 Link Type Symbols 


Link Type Meaning 


Symbol 

«, Direct link 

= Indirect link 

% Gateway link 

& TCP/IP link to domain 
gr TCP/IP link to post office 
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Link Type Meaning 
Symbol 


% Undefined link 


10.3.2 Link Status Symbols 


Link Meaning 

Status 

Symbol 

+ Link modification not yet saved 

x Link modification not yet synchronized 
Tt Insufficient rights to modify link 


> 


Rights not yet checked 


10.4 Modifying Links 


In Part IX, “Post Office Agent,” on page 469 and Part X, “Message Transfer Agent,” on page 619, 
detailed instructions for changing link types are provided as outlined below: 


Changing the Link Protocol between the Post Office and the Domain 


+ “Using TCP/IP Links between the Post Office and the Domain” on page 487 
+ “Using Mapped or UNC Links between the Post Office and the Domain” on page 489 


Changing the Link Protocol between Domains 


+ “Using TCP/IP Links between Domains” on page 632 
+ “Using Mapped or UNC Links between Domains” on page 635 


+ “Using Gateway Links between Domains” on page 636 


Customizing Link Configuration 


+ “Using Routing Domains” on page 645 
¢ “Scheduling Direct Domain Links” on page 647 
+ “Using a Transfer Pull Configuration (Windows Only)” on page 650 
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| | | Post Offices 


+ Chapter 11, “Creating a New Post Office,” on page 173 
+ Chapter 12, “Managing Post Offices,” on page 189 
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Creating a New Post Office 


As your GroupWise system grows, you typically need to add new post offices. 


+ Section 11.1, “Understanding the Purpose of Post Offices,” on page 173 
+ Section 11.2, “Planning a New Post Office,” on page 174 

+ Section 11.3, “Setting Up the New Post Office,” on page 181 

+ Section 11.4, “What's Next,” on page 186 

+ Section 11.5, “New Post Office Summary Sheet,” on page 187 


IMPORTANT: If you are creating a new post office in a clustered GroupWise system, see the 
GroupWise 2012 Interoperability Guide before you create the post office: 


11.1 Understanding the Purpose of Post Offices 


The post office serves as an administrative unit for a group of users and is used for addressing 
messages. Each GroupWise user has a unique GroupWise address that consists of a user ID, the 
user’s post office name, the GroupWise domain name, and, optionally, an Internet domain name. 


The following diagram illustrates the logical organization of a GroupWise domain with multiple post 
offices. The two post offices belong to the domain. All of the objects under each post office belong to 
that post office. 


Domain 


(rex Post Office Post Office (rem 


SNS 


Se ypyrrey7yy Cor eye ye 


GroupWise GroupWise GroupWise GroupWise GroupWise GroupWise GroupWise 
Resources Users Distribution Resources Users Distribution Library 
Lists Lists 


As illustrated above, each post office must have at least one Post Office Agent (POA) running for it. 
The POA delivers messages to users” mailboxes and performs a variety of post office and mailbox 
maintenance activities. 
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11.2 


11.2.1 


When you add a new post office, you must link it to a domain. The link defines how messages travel 
between the post office and its domain. Links are discussed in detail in Chapter 10, “Managing the 
Links between Domains and Post Offices,” on page 155. 


Physically, a post office consists of a set of directories that house all the information stored in the post 
office. To view the structure of the post office directory, see “Post Office Directory” in Group Wise 2012 
Troubleshooting 3: Message Flow and Directory Structure. The post office directory contains user 
mailboxes and messages, as well as other vital information. For an overview, see Section 35.3, 
“Information Stored in the Post Office,” on page 472. 


Planning a New Post Office 


This section provides the information you need in order to decide when, where, and how to create a 
new post office. The “New Post Office Summary Sheet” on page 187 lists all the information you need 
as you set up your post office. The items in the summary sheet are listed in the order you enter them 
when setting up your post office. This planning section does not follow the same order as the 
summary sheet, but all summary sheet items are covered. You should print the summary sheet and 
fill it out as you complete the tasks listed below. 

+ Section 11.2.1, “Determining When to Add a Post Office,” on page 174 

+ Section 11.2.2, “Selecting the Domain That the Post Office Belongs To,” on page 176 

+ Section 11.2.3, “Determining the Context for the Post Office Object,” on page 176 

+ Section 11.2.4, “Choosing the Post Office Name,” on page 176 

+ Section 11.2.5, “Deciding Where to Create the Post Office Directory,” on page 177 

+ Section 11.2.6, “Deciding Where to Install the Agent Software,” on page 178 

+ Section 11.2.7, “Deciding How to Link the New Post Office,” on page 178 

+ Section 11.2.8, “Selecting the Post Office Language,” on page 179 

+ Section 11.2.9, “Selecting the Post Office Time Zone,” on page 179 

+ Section 11.2.10, “Selecting a Software Distribution Directory,” on page 179 

+ Section 11.2.11, “Selecting a Post Office Security Level,” on page 180 

+ Section 11.2.12, “Deciding if You Want to Create a Library for the New Post Office,” on page 180 


After you have completed the tasks and filled out the “New Post Office Summary Sheet” on page 187, 
you are ready to continue with Section 11.3, “Setting Up the New Post Office,” on page 181. 


Determining When to Add a Post Office 


After you have your basic GroupWise system up and running, you can expand it to accommodate 
additional users. How do you know when you should add a post office? The answer to this depends 
on your company organization, the number of users on your network, and the physical limitations of 
your network servers. 


* Physical Organization: If your network spans several sites, you might want to create post offices 
(if not domains) at each physical location. This reduces the demands on long distance network 
links. 


+ Logical Organization: Processing messages within a post office is faster and typically generates 
less network traffic than messages traveling between different post offices. As you expand 
GroupWise, you might find it useful to add post offices in order to group users who freguently 
send mail to each other. 
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Grouping users into post offices, based upon company organization or job function, makes 
administrative tasks, such as creating distribution lists, limiting Address Book visibility, and 
distributing shared folders, easier. For example, some employees might work in corporate 
functions like accounting and human resources. Other employees might be involved in sales and 
marketing and freguently attend meetings together, reguiring freguent busy searches. Some 
areas, for example the production floor, might not need a workstation or user account for each 
individual. 


+ Number of Users: A GroupWise post office can support more than 10,000 users. However, the 
number of users that a single post office can support effectively is influenced by many factors, 
including: 

+ User activity level 


A post office where most users send and receive a large number of messages would support 
fewer users effectively than would a post office where users send messages only 
occasionally. 


+ User access methods 


A post office where most users use the Windows client in Online mode would support 
fewer users effectively than would a post office where most users use Caching mode. 


Users who synchronize their mobile devices with their GroupWise mailboxes also increase 
the load on the post office. 


+ Server disk speed/throughput 


The POAS activities are very disk intensive. A post office on a very high-speed server or 
SAN can support more users effectively than a post office on slower hardware. 


+ Number of post offices on a single server 


Having only one post office on a server is highly recommended. If hardware constraints 
require multiple post offices on a single server, each post office would effectively support 
fewer users than if the post office was located on its own server. 


+ Number of users affected by a down server or POA 


If a problem occurs with a server or POA, fewer users are affected when the post office is 
smaller. 


+ Maintenance time requirements 


The time required to perform post office and mailbox maintenance activities including 
backups can become excessive for a very large post office. 


+ Room for growth 


The ideal size for a new post office allows room to grow while maintaining optimal 
performance. 


+ Demand on the POA: The POA is a very flexible component of your GroupWise system. Many 
aspects of its functioning are configurable, to meet the particular needs of the post office it 
services, no matter what the size. See Chapter 36, “Configuring the POA,” on page 481 and 
Chapter 38, “Optimizing the POA,” on page 559. 


In addition, you can choose to run multiple POAs for the same post office, in order to specialize 
its functioning, as described in: 


+ Section 38.1.3, “Configuring a Dedicated Client/Server POA (Windows Only),” on page 562 


+ Section 38.2.2, “Configuring a Dedicated Message File Processing POA (Windows Only),” 
on page 565 


+ Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577 


+ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA (Windows Only),” on 
page 568 
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11.2.2 


11.2.3 


11.2.4 


As aresult, the choice is up to you whether you prefer a single, large post office, perhaps with 
multiple POAs, or multiple smaller post offices, each with its own POA. For additional guidance 
with determining post office size, visit the GroupWise Best Practices Wiki (http://wiki.novell.com/ 
index.php/GroupWise). 


Selecting the Domain That the Post Office Belongs To 


A post office is associated with a specific domain, even though it might reside in a different 
organizational unit in the eDirectory tree. If you have just one domain, the new post office will 
belong to it. If you want to create a new domain as well as a new post office, see Chapter 8, “Creating 
a New Domain,” on page 131. 


Domains function as the main administration units for the GroupWise system. Post office 
information is stored in the domain database, as well as in the post office database. Changes are 
distributed to each post office database from the domain. 


NEW POST OFFICE SUMMARY SHEET 


Under GroupWise Domain, specify the GroupWise domain that the new post office will belong to. 


Determining the Context for the Post Office Object 


The eDirectory context of the Post Office object determines how you administer the post office. The 
post office can be created in any Organization or Organizational Unit container in any context as long 
as itisinthe same tree as the domain. The same principles apply to placing Post Office objects in the 
eDirectory tree as apply for Domain objects. Review Section 8.2.4, “Determining the Context for the 
Domain Object,” on page 134 to help you plan the context for the Post Office object. 


NEW POST OFFICE SUMMARY SHEET 


Under Tree Name, specify the name of the eDirectory tree of the domain that will own the new post office. 


Under eDirectory Container, specify the name of the eDirectory container where you want to create the new 
post office. 


Choosing the Post Office Name 


The post office must be given a unigue name. The name is used for addressing and routing purposes 
within GroupWise, and might appear in the GroupWise Address Book. 


The post office name can reflect a location, organization, department, and so on. For example, you 
might want the domain name to be the location (for example, Provo) while the post office name is one 
of the company’s departments (for example, Research). Name the new post office carefully. After it is 
created, the name cannot be changed. 


The post office name should consist of a single string. Use underscores (_) rather than spaces as 
separators between words to facilitate addressing across the Internet. 


Do not use any of the following invalid characters in the post office name: 


ASCII characters 0-31 Comma, 


Asterisk * Double quote " 
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11.2.5 


At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 


Backslash \ Parentheses () 
Braces { } Period . 
Colon : Slash / 


NEW POST OFFICE SUMMARY SHEET 


Under Post Office Name, specify the post office name. 


Under Post Office Description, provide a description for the post office to help you identify its function in the 
system. 


Deciding Where to Create the Post Office Directory 


Logically, the Post Office object resides in eDirectory and is administered through ConsoleOne. 
Physically, the post office has a directory structure for databases, message queues, and other files. 
The post office directory structure can be created on any of the supported platforms listed in 
“GroupWise Administration Requirements” in the GroupWise 2012 Installation Guide. The server 
where you create the post office directory structure can be in the same tree as the Post Office object or 
in another tree. 


When you are planning the post office directory location and which users will belong to the post 
office, consider the following: 


+ Post Office Directory Space Requirements: The post office directory can be a large consumer of 
disk space. The amount of disk space required is influenced by many factors, including: 
+ Number of users in the post office 
+ Activity level of users 
+ Number and typical size of attachments 
+ Online mode vs. Caching mode for Windows client users 
+ Archive and deletion policies 
+ Libraries and document storage 


For guidance on post office directory space reguirements, visit the GroupWise Best Practices 
Wiki (http://wiki.novell.com/index.php/GroupWise). 


For details about managing post office disk space, see Section 12.3, “Managing Disk Space Usage 
in the Post Office,” on page 196. 


+ Access by the POA: For best performance, the POA should be installed on the same server as 
the post office directory. This is reguired on Linux. Remote installation is possible on Windows, 
but not recommended. 


+ Security from User Access: Users typically access their mailboxes through a TCP/IP connection 
to the POA. Therefore, users do not need access to the post office directory. You should create it 
in a location you can easily secure; otherwise, you could have files inadvertently moved or 
deleted. 
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11.2.6 


11.2.7 


Choose an empty directory for the new post office. If you want, the directory can reflect the name of 
the post office, for example research for the Research post office. Use the following platform-specific 
conventions: 


Linux: Use only lowercase characters. 
Windows: No limitations. 
Choose the name and path carefully. After the post office directory is created, it is difficult to rename 


it. If the directory you specify does not exist, it is created when you create the post office. If you create 
the directory in advance, it is easy to browse to it as you create the post office. 


IMPORTANT: Do not create the post office directory under domain directory or another post office 
directory. 


NEW POST OFFICE SUMMARY SHEET 


Under Post Office Database Location, specify the full path for the post office directory. 


Deciding Where to Install the Agent Software 


You must run a new instance of the POA for each new post office. To review the functions of the POA 
for the post office, see Section 35.5, “Role of the Post Office Agent,” on page 477. For complete POA 
installation instructions and system requirements, see “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 


You can install the POA on Linux or Windows. You should install it on the same server where you 
plan to create the post office directory structure. 
NEW POST OFFICE SUMMARY SHEET 


Under Agent Platform, specify the platform where the POA will run (Linux or Windows). 


Deciding How to Link the New Post Office 


When you create a new post office, you have the opportunity to choose the type of link to use 
between the new post office and its domain. For a review of link types, see Section 10.1.2, “Domain- 
to-Post-Office Links,” on page 158. 


When you create the new post, you link it to its domain. By default, this link is a direct link using 
TCP/IP as the link protocol, which means the new post office's POA communicates with the domain’s 
MTA through TCP/IP. This is the recommended configuration, and is reguired on Linux. 


On Windows, you can configure the direct link to use a UNC path or a mapped drive as the link 
protocol, which means the new post office's POA transfers information to and from the existing 
domain by accessing the existing domain's directory, rather than by communicating with the other 
domain' MTA. 


NEW POST OFFICE SUMMARY SHEET 


Under Link to Domain, indicate the type of link you plan to set up between the new post office and its domain. 
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11.2.8 


11.2.9 


11.2.10 


Selecting the Post Office Language 


The post office language determines the sort order for items in the GroupWise Address Book. 


The post office defaults to the same language as its domain unless you specify otherwise. For 
example, if you set the domain and post office language to English-US, the Address Book items are 
sorted according to English-US sort order rules. This is true even if some users in the post office are 
running non-English GroupWise clients such as German or Japanese. Their client interface and Help 
files are in German or Japanese, but the Address Book sort order is according to English-US 
standards. Time, date, and number formats for the non-English clients defaults to the workstation 
language. 


NEW POST OFFICE SUMMARY SHEET 


Under Post Office Language, specify the post office language. 


Selecting the Post Office Time Zone 


When a message is sent from a user in one time zone to a user in another time zone, GroupWise 
adjusts the message's time so that it is correct for the recipient's time zone. For example, if a user in 
New York (GMT -05:00, Eastern Time) schedules a user in Los Angeles (GMT -08:00, Pacific Time) for 
a conference call at 4:00 p.m. Eastern Time, the appointment is scheduled in the Los Angeles user's 
calendar at 1:00 p.m. Pacific Time. 


The post office defaults to the same time zone as its domain unless you specify otherwise. 


NEW POST OFFICE SUMMARY SHEET 


Under Time Zone, specify the time zone for the new post office. 


Selecting a Software Distribution Directory 


Aninitial software distribution directory was created when your GroupWise system was first set up, 
as described in “GroupWise Software Distribution Directory” in “Installing a Basic Group Wise 
System” in the GroupWise 2012 Installation Guide. 


The software distribution directory contains files that users need in order to set up the GroupWise 
Windows client on their workstations. Additional software distribution directories might have been 
created since that time to accommodate users in various locations, as described in Section 4.9, 
“Software Directory Management,” on page 84. 


You can select the most convenient software distribution directory for the new post office. 


NEW POST OFFICE SUMMARY SHEET 


Under Software Distribution Directory, specify the name of the software distribution directory from which users 
in the new post office will install the GroupWise client software on their Windows workstations. 
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11.2.11 


11.2.12 


Selecting a Post Office Security Level 


Post office security settings affect two types of GroupWise users: 


+ Users who do not have personal GroupWise passwords set on their mailboxes 


+ Users who use LDAP passwords (that is, passwords required to log in to the network through 
an LDAP server) instead of personal GroupWise passwords to access their mailboxes 


After a user sets a personal GroupWise password on his or her mailbox, the post office security level 
no longer applies. The user is always prompted for the GroupWise password unless the 
administrator has set certain client options in ConsoleOne to prevent the password prompt, as 
described in Section 82.1.3, “Managing GroupWise Passwords,” on page 1100. 


In the absence of personal GroupWise passwords on user mailboxes, the post office security level 
takes effect. By default, a new post office is created with High Security, which provides protection to 
GroupWise mailboxes through types of authentication other than personal GroupWise passwords. In 
a High Security post office, you can choose between eDirectory authentication and LDAP 
authentication: 


+ eDirectory Authentication: If you use eDirectory authentication for a post office, users must be 
logged in to the network through eDirectory in order to access their GroupWise mailboxes. 


¢ LDAP Authentication: If you use LDAP authentication for a post office, users must successfully 
authenticate to an LDAP server, such as for network login, in order to access their GroupWise 
mailboxes. 


For more information, see Section 36.3, “Configuring Post Office Security,” on page 505 and 
Section 82.1, “Mailbox Passwords,” on page 1099. 


IMPORTANT: In a Low Security post office, mailboxes are completely unprotected. Without a 
personal GroupWise password, any user’s mailbox could be accessed by another user who knows 
how to use the @u-userID startup switch. This security level is not recommended. 


NEW POST OFFICE SUMMARY SHEET 


Under Post Office Security Level, mark the security level for the post office. If you choose High Security, 
indicate the type of authentication you plan to use. 


Deciding if You Want to Create a Library for the New Post Office 


If you anticipate that users on this post office will require document management services, you can 
create a library at the same time you create the post office. The library is created with all of the default 
library options including Store Documents at Post Office. Using a document storage area is 
preferable to storing documents at the post office because a document storage area can be moved. 
You should appropriately configure the library immediately after it is created, before users begin to 
store documents there. 


NEW POST OFFICE SUMMARY SHEET 


Under Create Library, indicate whether or not you want to immediately create a library for the new post office. 
You can always add a library to the post office at a later time. 


If you decide to create a library for the post office, see Part VII, “Libraries and Documents,” on 
page 313 for instructions on configuring the library. 
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11.3 Setting Up the New Post Office 


You should have already reviewed Section 11.2, “Planning a New Post Office,” on page 174 and filled 
out the New Post Office Summary Sheet. Complete the following tasks to create a new post office. 


+ 


Section 11.3.1, “Creating the New Post Office,” on page 181 
+ 


Section 11.3.2, “Configuring the POA for the New Post Office,” on page 185 
Section 11.3.3, “Installing and Starting the New POA,” on page 186 


+ 


+ 


Section 11.3.4, “Setting Up User Access to the New Post Office,” on page 186 


11.3.1 Creating the New Post Office 


1 Make sure that you are logged in to the tree where you want to create the post office. 


This must be the same tree as the domain that the post office belongs to (Tree Name on the New 
Post Office Summary Sheet). 


2 (Conditional) If you are creating the post office on a different machine from where you are 


running ConsoleOne, make sure that ConsoleOne has write access to the location where you 
want to create the post office. 


Linux: Mount the file system where you want to create the new post office. For assistance, see 


Section 2.1, “ConsoleOne on Linux,” on page 39. 


Windows: Map a drive to the location where you want to create the new post office. 


3 In ConsoleOne, browse to and right-click the eDirectory container where you want to create the 
post office (eDirectory Container on the New Post Office Summary Sheet), then click New > Object. 


New Object 
Create object in: 
Z CORP TREE/GroupWise 
Class: 


KB Groupwise Distribution List 
© GroupWise Domain 


Cancel 


i Help 
[ai GroupWise External Entity pe -— 
M GroupWise Library 
& GroupWise Post Office 
1a Groupise Resource 
2 httpServer 
Vr : : 


Creating a New Post Office 181 


4 Double-click GroupWise Post Office, then fill in the fields in the Create GroupWise Post Office 
dialog box from your New Post Office Summary Sheet. 


KS Create GroupWise Post Office 


Post office name: 


GroupWise Domain: 
[Provo1.GroupWise E 


Post Office Database Location: 


Language: 
English - US 


Time Zone: 
(GMT-07:00) Mountain Time (US & Canada) 


Software Distribution Directory; 
GW Linux Software 


Post Office Agent Platform: 
Linux 


Configure link 


[C] Create Library 


[C] Define additional properties 


[C] Create another post office 


Post Office Name 

GroupWise Domain 

Post Office Database Location 
Post Office Language 

Post Office Time Zone 

Software Distribution Directory 
Create Library 


5 Make sure the Configure Links and Define Additional Properties options are selected, then click OK 
to display the Link Configuration Wizard. 


Link Configuration Wizard 


Post Office Link 


The Message Transfer Agent (MTA) can link to the post office through a 
TCPAP connection to the Post Office Agent (POA) or a direct connection 
tothe post office directory. 


Novell. 


How do you want the MTA to link to the post office? 
© Direct link 


© TCPAP link 


6 Follow the on-screen instructions to define how the post office links to its domain (Link to 
Domain on the New Post Office Summary Sheet). 
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When you finish defining the link, ConsoleOne creates the Post Office object and displays the 
post office Identification page. 


Properties of Development 


I| NDS Rights + | Other | Rights to Files and Folders 


Post Office: Provo1.Development 


Description: 


UNC Path; MUIBD-GWimaillgwsystemidev 


Language; [English -U5 


Time Zone: (GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


View Client Options Configure Non-DOS Name Space Access 


Page Options... 


7 Provide a description for the new post office (Description on the New Post Office Summary 
Sheet). 


8 Click GroupWise > Post Office Settings to display the Post Office Settings page. 


Properties of Management 


NDS Rights + | Other | Rights to Files and Folders 


Software Distribution Directory: GW Software 


Access Mode: Client/Server Only 


Delivery Mode: Use App Thresholds 


Max Age for Address Book Updates: 15 E days 
(Disable Live Move 
Restore Area: {Not Set) 


Default Archive Service Trusted Application: {Not Set) 


Override None 


Remote File Server Settings 


Remote User Name: [ 


Remote Password: Set Password 


Page Options... 


9 Selectthe software distribution directory for the post office (Software Distribution Directory on 
the New Post Office Summary Sheet). 
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184 


10 Click GroupWise > Security to display the Security page. 


Properties of Legal 


GroupWise v | NDS Rights + | Other | Rights to Files and Folders 


Security 


Security Level: 

C Low 

© High 

High Security Options 


LDAP Server 


LDAP User Name: 
LDAP Password: 
I” Disable LDAP Password Changing 
Inactive Connection Timeout: 
LDAP Pool Server Reset Timeout: 


LDAP Server Quarantine Threshold: 


Select Servers | 


| 
Fe) 
Set Password 
30 = seconds 


Ts 
24 


Page Options... 


11 Provide the post office security level and authentication type for the post office (Post Office 
Security Level on the New Post Office Summary Sheet. 


12 Click OK to save the post office information. 
13 Continue with Configuring the POA for the New Post Office. 
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11.3.2 


Configuring the POA for the New Post Office 


Although there are many POA settings, the default settings are sufficient to get your post office 
operational. However, there are a few important settings that you can conveniently modify before 
you install the agent software. 


1 In ConsoleOne, double-click the new Post Office object. 
2 Right-click the POA object, then click Properties to display the POA Identification page. 


Domain PO: Provo1 Development 
Distinguished Name: POA.Developmert GroupWise 


Name: POA 


Agent Type: Post Office 
Description: äi Post Office Agent 


Platform: [ Linux 


Page Options... 


3 Provide a description for the POA. 
The description displays on the POA agent console as the POA runs. 


4 Select the platform where the POA will run (Agent Platform on the New Post Office Summary 
Sheet). 


5 (Conditional) If you have created the post office in a clustered environment, follow the 
instructions in the appropriate section of the Group Wise 2012 Interoperability Guide. 


6 Click OK to save the POA configuration information. 


For more POA configuration options, see Section 12.12, “Changing POA Configuration to Meet 
Post Office Needs,” on page 215. 


Because the security of POA connections with the GroupWise Windows client is vital to the 
security of your GroupWise system, the following message appears: 


GroupWise Administrator x| 


SSL will not be used for Internet Client'Server connections until a proxy server has been specified. 


Would you like to enter one now? 
No | 


7 (Optional) Click Yes to open the Network Address tab of the POA so that you can enable SSL for 
the POA, as described in Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 508, and to set up an external IP address for it, as described in Section 36.3.1, 
“Securing Client/Server Access through an External Proxy Server,” on page 506. 


or 


Click No to configure SSL later. 
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11.3.3 


11.3.4 


11.4 


You continue to receive this message each time you modify the properties of the POA object 
until you configure SSL and an external address for the POA. However, you can continue with 
installing and starting the new POA without immediately establishing the recommended 
security configuration. 


8 Continue with Installing and Starting the New POA. 


Installing and Starting the New POA 


1 Installand start the POA for the new post office on the server where you created the post office 
directory structure. 


For instructions, see “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 
2 Continue with Setting Up User Access to the New Post Office. 


Setting Up User Access to the New Post Office 


The post office Access Mode determines how GroupWise client users access their mailboxes. By 
default, the Group Wise Windows client use Client/Server Access Mode to the post office. Client/ 
Server Access Mode provides the following benefits: 


+ Client/server access provides the greatest level of security. Users do not need rights to the post 
office directory because the GroupWise client does not write directly to databases in the post 
office. All database updates are performed by the POA. 


+ Client/server access eliminates the need for separate network logins and passwords. This avoids 
problems with login restrictions, changing passwords, and insufficient network rights. 


¢ Client/server access allows the GroupWise client to maintain multiple simultaneous connections 
to the post office. 


¢ With client/server access mode, proxy rights can be granted to any user visible in the Address 
Book. 


Historical Note: In GroupWise 5.x, the GroupWise client allowed the user to enter a path to the post 
office directory during login to facilitate Direct Access mode. The GroupWise 6.x and later Windows 
client no longer offers that login option. However, you can force the GroupWise 6.x and later 
Windows client to use Direct Access mode by starting it with the /ph switch and providing the path 
to the post office directory. However, this access mode is not recommended. 


If you have not already done so, establish the recommended security configuration for the POA by 
following the instructions in: 


+ Section 36.3.1, “Securing Client/Server Access through an External Proxy Server,” on page 506 
+ Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 508 


What’s Next 


After you have created the new post office and started its POA, you are ready to expand the post 
office by: 


+ Adding users to the post office. 


See “Users” on page 217. 


+ Defining groups of users (distribution lists) that GroupWise users can select when addressing 
messages. 
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See “Distribution Lists, Groups, and Organizational Roles” on page 279. 

+ Defining resources (for example, conference rooms or company cars) that users can schedule. 
See “Resources” on page 263. 

+ Defining libraries and setting up Document Management Services. 
See “Libraries and Documents” on page 313. 


+ Setting up the Group Wise Windows client software so that GroupWise users can run the client 
from Windows workstations. 


See “Client” on page 1013. 
+ Configuring the POA for optimal performance and security. 


See “Post Office Agent” on page 469. 


11.5 New Post Office Summary Sheet 


Item Value for Your GroupWise Explanation 
System 


Tree Name: Section 11.2.3, “Determining the 
Context for the Post Office 
Object,” on page 176 


eDirectory Container: Section 11.2.3, “Determining the 
Context for the Post Office 
Object,” on page 176 


Post Office Name: Section 11.2.4, “Choosing the 
Post Office Name,” on page 176 


GroupWise Domain: Section 11.2.2, “Selecting the 
Domain That the Post Office 
Belongs To,” on page 176 


Post Office Database Section 11.2.5, “Deciding Where 
Location: to Create the Post Office 
Directory,” on page 177 


Post Office Section 11.2.8, “Selecting the 
Language: Post Office Language,” on 
page 179 
Post Office Time Section 11.2.9, “Selecting the 
Zone: Post Office Time Zone,” on 
page 179 
Software Distribution Section 11.2.10, “Selecting a 
Directory: Software Distribution Directory,” 
on page 179 
Create Library: Section 11.2.12, “Deciding if You 
Want to Create a Library for the 
* No New Post Office,” on page 180 
+ Yes 
Post Office Section 11.2.4, “Choosing the 
Description: Post Office Name,” on page 176 
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Item 


Post Office Security 
Level: 


+ Low 
+ High 


+ eDirectory 
authenticatio 
n 


+ LDAP 
authenticatio 
n 


Agent Platform: 


+ Linux POA 
+ Windows POA 


Link to Domain: 


+ TCP/IP 
+ Mapped 
+ UNC 
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Value for Your GroupWise 
System 


Explanation 


Section 11.2.11, “Selecting a 
Post Office Security Level,” on 
page 180 


Section 11.2.6, “Deciding Where 
to Install the Agent Software,” on 
page 178 


Section 11.2.7, “Deciding How to 
Link the New Post Office,” on 
page 178 


2 Managing Post Offices 


12.1 


As your GroupWise system grows and evolves, you might need to perform the following 
maintenance activities on post offices: 

+ Section 12.1, “Connecting to the Domain That Owns a Post Office,” on page 189 

+ Section 12.2, “Editing Post Office Properties,” on page 190 

+ Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 196 

+ Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on page 207 

+ Section 12.5, “Viewing Current Client Usage in the Post Office,” on page 209 

+ Section 12.6, “Tracking and Restricting Client Access to the Post Office,” on page 209 

+ Section 12.7, “Securing the Post Office with LDAP Authentication,” on page 211 

+ Section 12.8, “Refreshing the Client View Files in the Post Office,” on page 211 

+ Section 12.9, “Disabling a Post Office,” on page 212 

+ Section 12.10, “Moving a Post Office,” on page 212 

+ Section 12.11, “Deleting a Post Office,” on page 214 

+ Section 12.12, “Changing POA Configuration to Meet Post Office Needs,” on page 215 


See also Section 26, “Maintaining Domain and Post Office Databases,” on page 401 and Section 31, 
“Backing Up GroupWise Databases,” on page 431. 


Proper database maintenance and backups allow recovery from accidental deletions, as described in 
Section 32.5, “Restoring Deleted Mailbox Items,” on page 435 and Section 32.6, “Recovering Deleted 
GroupWise Accounts,” on page 438. 


Connecting to the Domain That Owns a Post Office 


Whenever you change post office information, it is most efficient to connect directly to the domain 
that the post office belongs to before you begin making modifications. Performing administrative 
tasks in a post office while not connected to the post office's domain increases the amount of 
administrative message traffic sent between domains. 


For instructions, see Section 9.1, “Connecting to a Domain,” on page 145. 
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12.2 Editing Post Office Properties 


After creating a post office, you can change some post office properties. Other post office properties 
cannot be changed. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties to display 
the post office Identification page. 


Properties of Development 


IDS Rights + | Other | Rights to Files and Folders 


Post Office: Provo1.Development 


Description: 


UNC Path: \UED-GWimaigwsystemidev 


Language: English - US 


Time Zone: {GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


View Client Options ] [ Configure Non-DOS Name Space Access 


| 


2 Change editable fields as needed. 


For information about individual fields, see Section 11.3, “Setting Up the New Post Office,” on 
page 181 or use online help when editing the post office. 


3 Click GroupWise > Post Office Settings to display the Post Office Settings page. 


Properties of Management 


NDS Rights + | Other | Rights to Files and Folders 
ast Office Settings 


Software Distribution Directory: | GW Software 

Access Mode: [Client/Server Only 

Delivery Mode: [use App Thresholds 
[a] 


Max Age for Address Book Updates: | 15] days 


[C] Disable Live Move 
Restore Area: (Not Set) 


Default Archive Service Trusted Application; (Not Set) 


Override 


Remote File Server Settings 


Remote User Name: | 


Remote Password; Set Password 
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Basic post office settings are discussed in the following sections: 

+ Section 11.2.10, “Selecting a Software Distribution Directory,” on page 179 

+ Section 11.3.4, “Setting Up User Access to the New Post Office,” on page 186 
More advanced post office settings are discussed in the following sections: 


+ Section 6.5, “Controlling Address Book Synchronization for Caching and Remote Client 
Users,” on page 112 


+ Section 14.4, “Moving GroupWise Accounts,” on page 234 
+ Section 32.5, “Restoring Deleted Mailbox Items,” on page 435 
+ Section 4.2.7, “Archive Service Settings,” on page 77 


+ Section 36.1.7, “Configuring the POA for Remote Server Login (Windows Only),” on 
page 492 


4 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


GroupWise NDS Rights + | Other | Rights to Files and Folders 
Client Access Setti 


Lock Out Older GroupWise Clients 


T Minimum Client Release Version (x.x.x): 


| Minimum Client Release Date: By) 


I Disable Logins 
IV. Enable Intruder Detection 


Incorrect Logins Allowed: 3 + (3-10) 
Incorrect Login Reset Time: 15 E minutes (15-60) 


Lockout Reset Time: 15 = minutes (15+) 


Page Options... 


The client access settings are discussed in the following sections: 
+ Section 12.6, “Tracking and Restricting Client Access to the Post Office,” on page 209 
+ Section 12.9, “Disabling a Post Office,” on page 212 
+ Section 36.3.5, “Enabling Intruder Detection,” on page 516 
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5 Click GroupWise > Membership to display the Membership page. 


Properties of Development 


|| NOS Rights + | other | Rights to Files and Folders 


Dharmapalan.Development.Provo 
Mendenhall.Development. Provo 
Ramirez.Development Provo 
Skoczylas.Development.Prova 
BGelsomino.Development Provo 
CBolton.Development. Provo 
FHaughey.Development.Provo 
FThompson.Development.Provo 
HwWong.Development.Provo 
DeSoto.Development.Provo 
Stevens. Development.Provo 
Yacoub.Development.Provo 
KHuang.Development.Provo 
LTanaka.Development.Provo 
MJones.Development.Prova 
MLamaroux. Development. Provo 
MdelaTorre.Development.Provo 
RSteadman.Development.Provo 
SMurphy.Development.Provo 


Page Options... 


All users in the post office are listed, no matter where their Novell eDirectory objects are located 
in the tree. Here you can add, delete, and move users in the post office. See “Users” on page 217. 


6 Click GroupWise > Resources to display the Resources page. 
Properties of Development 
GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders 


Resources 


Resources: 


(Company Car 1.GroupWise 
Company Car 2.GroupWise 
Conference Room 2012.GroupWise 
(Group Meeting Room.GroupYWise 
Lunchroom.GroupWise 


AII resources in the post office are listed, no matter where their eDirectory objects are located in 
the tree. This is a convenient place to delete resources from the post office. See “Resources” on 
page 263 
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7 Click GroupWise > Distribution Lists to display the Distribution Lists page. 


Properties of Development 


NDS Rights + | Other | Rights to Files and Folders 


Distribution Lists: 


Engineers Groupise 

GroupWise Administrators Docdev Novell 
Help Desk Docdev Novell 

Programmers Groupiise 

‘Secretaries .GroupWise 
Testers.GroupWise 


Page Options... OK Cancel Apply Help 


All distribution lists in the post office are listed, no matter where their eDirectory objects are 
located in the tree. This is a convenient place to delete distribution lists from the post office. See 
“Distribution Lists, Groups, and Organizational Roles” on page 279. 


8 Click GroupWise > Libraries to display the Libraries page. 


Properties of Development 


| NDS Rights + | Other | Rights to Files and Folders 


Libraries: 


Development Library GroupWise 


Page Options... OK Cancel Apply Help 


All libraries belonging to the post office are listed, no matter where their eDirectory objects are 
located in the tree. This is a convenient place to delete libraries. See Part VII, “Libraries and 
Documents,” on page 313. 


Managing Post Offices 193 


9 Click GroupWise > Gateway Aliases to display the Aliases page. 


Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 


Gateway Aliases: 


Page Options... OK Cancel Apply Help 


Many non-GroupWise systems do not use the same address syntax as GroupWise. Or, in some 
cases, they might not support the same address characters or address length. A gateway alias is 
simply an alternate address that conforms to the format requirements of the non-GroupWise 
system that the gateway connects to. An alias might be required in order to exchange messages 
with the non-GroupWise system, or it might be required when synchronizing directory (user) 
information between the two systems. 


Alias requirements vary depending on the non-GroupWise system to which your gateway 
connects. For alias information specific to your gateway, see the GroupWise guide for that 
gateway on the GroupWise Gateways Documentation Web site (http://www.novell.com/ 
documentation/gwgateways). 


For more information about gateway aliases, see Section 52.3, “Transitioning from SMTP 
Gateway Aliases to Internet Addressing,” on page 754. 


10 Click GroupWise > Internet Addressing to display the Internet Addressing page. 


NDS Rights + | Other | Rights to Files and Folders | 


Override | Preferred Address format: 
r DEI omai r 

Defined at: Corporate Mail 

Allowed Address Formats 

F : 


= 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
J” For incoming mail, recipients are known exclusively by this Internet domain name 


Page Options... OK Cancel Apply Help 
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Here you provide information used to determine the Internet addressing settings for the post 
office. See Section 52, “Configuring Internet Addressing,” on page 743 for more information. 


11 Click GroupWise > Security to display the Security page. 


Properties of Legal 
GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders 
Security 


Security Level: 
C Low 
© High 
High Security Options 
1 eDirectory Authentication 


LDAP Server 


LDAP User Name: te] 


LDAP Password: Set Password 


T Disable LDAP Password Changing 


Inactive Connection Timeout: 30 = seconds 
LDAP Pool Server Reset Timeout: 5 3 minutes 
LDAP Server Quarantine Threshold: 2 E 


Select Servers 


Page Options... 


For instructions on setting the security level for the post office, see Section 11.2.11, “Selecting a 
Post Office Security Level,” on page 180. 


12 Click GroupWise > Default WebAccess to display the Default WebAccess page. 


NOTE: This page applies only to post offices that have not yet been updated to Group Wise 2012. 
GroupWise 2012 does not include the WebAccess Agent. 


Properties of Development 


NDS Rights + | Other | Rights to Files and Folders | 


Override Default WebAccess Gateway: 


CRE £| 


Not Defined 


Page Options... OK Cancel Apply Help 


Use this page to designate the default WebAccess gateway for the legacy post office. 
13 Click OK to save changes to the post office properties. 
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12.3.1 


Managing Disk Space Usage in the Post Office 


Many users are prone to save every message and attachment they ever receive. You can moderate this 
behavior by implementing disk space management: 

+ Section 12.3.1, “Understanding Disk Space Usage and Mailbox Size Limits,” on page 196 

+ Section 12.3.2, “Preparing to Implement Disk Space Management,” on page 197 

+ Section 12.3.3, “Setting Mailbox Size Limits,” on page 198 

+ Section 12.3.4, “Enforcing Mailbox Size Limits,” on page 200 

+ Section 12.3.5, “Restricting the Size of Messages That Users Can Send,” on page 201 

+ Section 12.3.6, “Preventing the Post Office from Running Out of Disk Space,” on page 203 

+ Section 12.3.7, “An Alternative to Disk Space Management in the Post Office,” on page 206 

+ Section 12.3.8, “Forcing Caching Mode,” on page 206 


Understanding Disk Space Usage and Mailbox Size Limits 


The concept of mailbox size is different for Windows client users than it is for you as an 
administrator. Users are most interested in the functional size of their mailboxes; that is, the number 
of items that they can store in their mailboxes. Administrators are usually more concerned about the 
physical disk space that mailboxes occupy. 


Functional mailbox size is computed by adding the bytes occupied by individual messages. Users are 
notified when they exceed the functional mailbox size limit that you have set for them. Users can then 
identify items to delete or archive. 


+ Windows client users can use Tools > Check Mailbox Size to list items in the Trash folder, the Sent 
Items folder, the Mailbox folder, the Work in Progress folder, and any posted items. Item size is 
displayed in bytes and the list is sorted from largest to smallest, to easily identify candidates for 
deletion or archiving. 


+ WebAccess users always have the Size column visible. 


When users have deleted or archived sufficient items, their functional mailbox size limit problem is 
resolved. 


As an administrator, you want to set functional mailbox size limits that are reasonable for users and 
that make efficient use of the physical disk space that you have available. You are more concerned 
about physical disk space usage in the post office. Physical disk space usage is much more complex 
than counting the bytes occupied by individual messages. 


The following factors influence physical disk space usage: 


+ Ina typical post office, 85% of disk space is occupied by attachments in the offiles directory 
structure. Attachments are compressed by 40% to allow more data to be stored in less space. 


+ A large message sent to multiple users in the same post office is only stored on disk once, but 
counts against mailbox size for all recipients. If it is sent to multiple post offices, a copy is stored 
in each post office 


¢ A large distribution list can cause even a small message to take up substantial disk space. If all 
recipients are in the same post office, only one copy is stored, but if there are recipients in 
multiple post offices, a copy is stored in each post office 


+ User databases (userxxx. db files) might contain large numbers of contacts and folders. Contacts 
and folders affect the size of the user databases, which have a maximum size of 4 GB, but do not 
count against the mailbox size for users. 
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¢ Shared folders count only against the owner's mailbox size, even though sharing with users in 
other post offices uses disk space in those post offices as well. 


+ A message is stored until the last recipient deletes and empties it. As a result, you might attempt 
to reduce post office disk space usage by reducing certain users’ mailboxes, but disk space usage 
does not change. This can occur because large messages eliminated from the reduced mailboxes 
still exist in other mailboxes. 


Because of the complexity of these factors, you might consider a progressive strategy to determine 
the appropriate functional mailbox limits for your users. 


For a new post office, you could check the physical disk space occupied by the post office before 
users start accumulating email and initially set no functional mailbox limits. After a period of time 
(for example, a month), see how much the post office has grown. Run a report, as described in 
Section 30.1, “Gathering Mailbox Statistics,” on page 423, to assess the rate of mailbox growth, then 
start setting functional mailbox limits based on user needs and available physical disk space. To set 
mailbox limits, skip to Section 12.3.3, “Setting Mailbox Size Limits,” on page 198. 


For an existing post office, where users have never had functional mailbox limits set in the past, 
continue with Preparing to Implement Disk Space Management. 


Preparing to Implement Disk Space Management 


If you are implementing disk space management in an existing Group Wise system, you must begin 
by setting the initial size information on all users” mailboxes. 


To establish current mailbox size: 


1 In ConsoleOne, browse to and select a Post Office object. 
2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: Run 


| Post Offices Analyze/Fix Databases 


Close 
Structure 
be aes Retrieve 


Contents 


[] Collect statistics Save. 


[] ättachment File Check 


ix problems [tee | 


© Object Type 


Databases | Logging | Results | Misc | Exclude 


v| User 


Message 


l 


Document 


Options file: <default> 


3 Inthe GroupWise Objects field, select Post Offices. 
4 Inthe Action field, select Analyze/Fix Databases. 
5 As options to the action, select Contents, Fix Problems, and Update User Disk Space Totals. 
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Make sure all other options are deselected. 
6 Onthe Databases tab, select User. 
Make sure all other types of databases are deselected. 


7 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 


After the POA has performed the task, current mailbox size information becomes available on 
each user's mailbox. The information is updated regularly as the user receives and deletes 
messages. 

8 To generate a report of current mailbox information, follow the instructions in Section 30.1, 
“Gathering Mailbox Statistics,” on page 423. 

9 Repeat Step 1 through Step 8 for each post office where you want to implement disk space 
management. 


10 Continue with Setting Mailbox Size Limits. 


Setting Mailbox Size Limits 


After initial size information is recorded on each user's mailbox, you can establish a limit on the 
amount of disk space each user's mailbox is allowed to occupy. You can seta single limit for an entire 
domain. You can set different limits for each post office. You can even set individual user limits if 
necessary. 


If you are implementing disk space management in an existing Group Wise system where users are 
accustomed to unlimited disk space, you should warn them about the coming change. After you 
establish the mailbox size limits as described in this section, users whose mailboxes exceed the 
established limit cannot send messages until the size of their mailboxes is reduced. Users might want 
to manually delete and archive items in advance in order to avoid this interruption in their use of 
GroupWise. 


To establish mailbox size limits: 


1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 
2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options xj 


$ v O 


Environment Send Documents 
Security Calendar 


Close | Help 
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3 Click Send > Disk Space Management. 


om A 


o 


N 


o œ 


Send Options: Development 


Send Options | Mail | Appt | Task | Note | Security | Disk Space Mgmt | Global Signature 


4) 


f tä [a] 
Mailbox size limit: S MB 
Threshold for warning users: 0 S % 
Maximum send message size: 0 a KB 
C] Limits apply to cache 
Notify the administrator when threshold limit is exceeded 


Notify the administrator when size limit is exceeded 
Restore Default Settings 


Select User Limits. 


Specify the maximum number of megabytes allowed for each user’s mailbox. 


For guidance in setting mailbox size limits, visit the GroupWise Best Practices Wiki (http:// 
wiki.novell.com/index.php/Group Wise). 


The maximum size limit that you can set for mailboxes is 4 TB. 


Specify as a percentage the point where you want to warn users that their mailboxes are getting 


fu 


Il. 


After users receive a warning message, they can continue to send messages until the size limit is 
reached. After the size limit is reached, users must reduce the size of their mailboxes in order to 
send additional messages. 


(Optional) Specify in kilobytes the largest message that users can send. 


IMPORTANT: By restricting message size, you can influence how fast users’ mailboxes fill up. 
However, if users have valid reasons for sending messages that exceed this limit, the limit can 


become a hindrance to users getting their work done. 


Click OK > Close to save the disk space management settings. 


(Conditional) If you are adding disk space management to an existing GroupWise system where 
users” mailboxes are already over the desired size limit, continue with Enforcing Mailbox Size 
Limits. 


Or 


(Conditional) If you are implementing disk space management in a new system where users 
have not yet begun to use their mailboxes, see “Using Mailbox Storage Size Information” in 


“Maintaining GroupWise” in the GroupWise 2012 Windows Client User Guide to see how setting a 


mailbox size limit affects users’ activities in the GroupWise client. 
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200 


If existing GroupWise users are having difficulty fitting their mailboxes into the established mailbox 
size limits, you can assist them by reducing the size of their mailboxes for them. 


When users archive and empty messages in their mailboxes, the messages are marked for removal 
from the database (“expired”), but the disk space that the expired messages occupied in the 
databases is retained and used again for new messages. As a result, archiving and deleting messages 
does not affect the overall size of the databases. 


The Expire/Reduce Messages option of Mailbox/Library Maintenance enables you to expire 
additional messages and reduce the size of the databases by reclaiming the free space in the 
databases that is created when messages are expired. You should inform users before you run this 
process so they have a chance to archive or delete messages. Unread messages are not expired. 

1 In ConsoleOne, browse to and select a Post Office object. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


KS Novell GroupWise Mailbox/Library Maintenance 


(° GroupWise Objects: Action: 


Post Offices v lExpireReduce Messages 


Ll 


Close 


Retrieve... 


[V items older than 


z P Save... 
V Downloaded items older than 


[ items larger than 


Help 


IV Trash older than 


I Reduce mailbox to 


Lake Jah» Lal» Lal» lale 


[ Reduce mailbox to limited size 
Include 

[V Received tems 

[V Sent items 

[V Calendar items 


[ Only backed-up items 
© Object Type 


[ Only retained items 


Databases | Logging | Resuits | Misc | Exclude | 


Options file: <default= 


3 Inthe Action field, select Expire/Reduce. 


4 Setthe Expire and Reduce options as desired, making sure that Reduce Mailbox to Limited Size is 
selected. 

5 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 


After the POA has performed the task, users mailboxes fit within the mailbox size limit you have 
established. 


6 Repeat Step 1 through Step 5 for each post office where you want to reduce user mailboxes to the 
established mailbox size limit. 


To see how setting a mailbox size limit affects user activities in the GroupWise client, see “Using 
Mailbox Storage Size Information” in “Maintaining GroupWise” in the GroupWise 2012 Windows 
Client User Guide. 
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Restricting the Size of Messages That Users Can Send 


By restricting message size, you can influence how fast user mailboxes fill up. However, if users have 
valid reasons for sending messages that exceed this limit, the limit can become a hindrance to users 
getting their work done. 


For HTML-formatted messages, the MIME portion of the message counts in the message size. MIME 
files can be large. If a user cannot send an HTML-formatted message, he or she could use plain text 
instead, in order to decrease the size of the message so that it falls within the message size restriction. 


There are four levels at which you can restrict message size: 


+ “Within the Post Office” on page 201 
+ “Between Post Offices” on page 202 
+ “Between Domains” on page 202 


+ “Between Your GroupWise System and the Internet” on page 202 


Within the Post Office 


You can use Client Options to restrict the size of messages that users can send within their local post 
office. 


1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 
2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options. xj 


$ % O 


Environment Send Documents 
Security Calendar 


Close | Help 
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3 Click Send > Disk Space Management. 


Send Options: Development 


Send Options | Mail | Appt | Task | Note | Security | Disk Space Mgmt | Global Signature 


Mailbox size limit: S MB 
la) 0 


Threshold for warning users: 0 (v) Vo 


[a] 
(=) KB 


Maximum send message size: 0 


C] Limits apply to cache 
Notify the administrator when threshold limit is exceeded 
Notify the administrator when size limit is exceeded 


Restore Default Settings 


4 Select User Limits. 
5 Specify in kilobytes the largest message that users can send. 


6 Click OK, then click Close to save the maximum message size setting. 


Between Post Offices 


You can configure the POA to restrict the size of messages that it allows to pass outside the local post 
office. See Section 36.2.7, “Restricting Message Size between Post Offices,” on page 504 for setup 
instructions. 


Between Domains 


You can configure the MTA to restrict the size of messages that it allows to pass outside the local 
domain. See Section 42.2.1, “Restricting Message Size between Domains,” on page 642 for setup 
instructions. 


Between Your GroupWise System and the Internet 


You can configure the Internet Agent (GWIA) to restrict the size of messages that it allows to pass to 
and from your GroupWise system by setting the size limits in a customized class of service. See 
Section 54.1, “Controlling User Access to the Internet,” on page 787 for setup instructions. 


GroupWise 2012 Administration Guide 


12.3.6 Preventing the Post Office from Running Out of Disk Space 


In spite of the best disk space management plans, it is still possible that some unforeseen situation 
could result in a post office running out of disk space. To prevent this occurrence, you can configure 
the POA to stop processing messages, so that disk space usage in the post office cannot increase until 
the disk space problem is resolved. 


1 In ConsoleOne, browse to and select a Post Office object, right-click its POA object, then click 
Properties. 


2 Click GroupWise > Maintenance, then adjust the settings in the Disk Check Interval and Disk Check 
Delay fields as described in Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 


3 Click GroupWise > Scheduled Events. 


DS Rights + | Other | Rights to Files and Folders | 


Scheduled events used by this agent: 
V] Default Daily Maintenance Event 


V] Default Disk Check Event 


y] Default Weekly Maintenance Event 


The Default Disk Space Management Actions trigger a Reduce on user and message databases at 
4 GB and stop mail processing at 200 MB. You can edit the Default Disk Space Management 
Actions so that all post offices are affected, or you can create a new set of Disk Space 
Management actions to assign to specific post offices. 
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4 Click Create to create a new scheduled event to handle an unacceptably low disk space 
condition. 


Create Scheduled Event 


Name: 


Event Type: 
Trigger 


© Percent Trigger actions at: 0 s MB 


MB Stop mail processing at: 0 i MB 


Actions 


Default Disk Space Management Actions Create 


5 Type a unique name for the new scheduled event, then select Disk Check as the event type. 


6 Inthe Trigger Actions At field, specify the amount of free post office disk space at which to take 
preventive measures. 


7 Click Create to define your own disk check actions, then give the new action a unique name. 


Scheduled Event Action 


Name: [Low Disk Space Actions 


Help 


Action; | Expire/Reduce Messages 


O Reduce only 


Items older than 


Downloaded items older than 


Items larger than 


Trash older than 60 (si days 


Reduce mailbox to | 5 (3 MB 


Reduce mailbox to limited size 


Include 


V] Received items 


Calendar items 


[M] Sent items 
M 


Only backed-up items 


C] Only retained items 


= vw” 
Databases | Logging | Results | Misc | Exclude | Notification 


Message 


8 Configure the actions for the POA to take in order to relieve the low disk space condition. 


Use the Results or Notification tab if you want to receive notification about the POA's response to 
the low disk space condition. 
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9 Click OK to return to the Create Scheduled Event dialog box. 


Edit Scheduled Event 


Name: [stop Message Processing 


Event Type: [ Disk Check 


Trigger 
| 


O Percent Trigger actions at: 


© mB Stop mail processing at: 


Actions 


Default Disk Space Management Actions 


Low Disk Space Actions 


[ 100 | MB 


L 50 me 


| 


{ OK Cancel Help 


10 Inthe Stop Mail Processing At field, specify the amount of free post office disk space at which you 
want the POA to stop processing messages. 


11 Click OK to create the new disk space management event and return to the Scheduled Events 


page. 


Properties of POA 


GroupWise 
Scheduled Events 


Scheduled events used by this agent: 
Default Daily Maintenance Event 


Default Disk Check Event 


Default Weekly Maintenance Event 


v | NDS Rights v | Other | Rights to Files and Folders 


Page Options... 


Create [ Edit Delete 


OK 


] ( Cancel at Apply ]{ Help 


] 


12 Select the new disk space management event. 
13 Click OK to close the Scheduled Events page. 


ConsoleOne then notifies the POA to restart so the new disk space management event can be put 


into effect. 


For additional instructions, see Section 36.4.2, “Scheduling Disk Space Management,” on 


page 520. 
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12.3.8 


An Alternative to Disk Space Management in the Post Office 


If you want to place more responsibility for disk space management onto GroupWise client users, 
you can reguire that they run the client in Caching mode, where all messages can be stored on user 
workstations, or other personal locations, rather than in the post office. For an overview of Caching 
mode, see “Using Caching Mode” in the GroupWise 2012 Windows Client User Guide. 


IMPORTANT: Do not force Caching mode for a post office that supports Outlook clients along with 
GroupWise clients. 


Forcing Caching Mode 


You can force Caching mode for an entire domain, for specific post offices, or for individual users as 
necessary. 


When you initially force caching mode, users’ Caching mailboxes are identical with their Online 
mailboxes. However, as you employ disk space management processes in the post office and reduce 
the size of users’ Online mailboxes, more and more of the users” mailbox items exist only in their 
Caching mailboxes. 


IMPORTANT: Make sure that users understand their responsibilities to back up their Caching 
mailboxes, as described in “Backing Up Email” in “Maintaining GroupWise” in the GroupWise 2012 
Windows Client User Guide. 


To force Caching mode: 


1 In ConsoleOne, browse to and select a Domain, Post Office, or User object. 
2 Click Tools > GroupWise Utilities > Client Options. 


GroupWise Client Options: XI 


$ % O 


Environment Send Documents 
GO 
Security Calendar 


Close | Help 


3 Click Environment > Client Access. 


Client Login Mode 


[V Allow use of "Remote" mode S 


[V Allow use of "Caching" mode 


I Force "Caching" mode after: 14 Shays 


[V By defaut, show login mode drop-down list on client toolbar 


4 Inthe Client Login Mode box, select Force Use of Caching Mode. 
5 Click OK, then click Close to save the Caching mode setting. 
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If you are helping existing users, who might have sizeable mailboxes, to start using Caching mode 
exclusively, you can configure the POA to respond efficiently when multiple users need to download 
their entire mailboxes for the first time. See Section 36.2.6, “Supporting Forced Mailbox Caching,” on 
page 503 for setup instructions. 


Auditing Mailbox License Usage in the Post Office 


You can run an audit report in a post office to see: 


+ Which mailboxes have been accessed using full client licenses 

+ Which mailboxes have been accessed using limited client licenses 

+ Which mailboxes are active (have been accessed at least one time) 

+ Which mailboxes have never been active 

+ Which mailboxes have been inactive for a specified period of time 
A mailbox reguires a full client license (and is marked as a full client license mailbox) if it has been 
accessed by any of the following: 

+ The GroupWise Windows client (grpwise . exe) 

+ GroupWise Notify (notify.exe) or GroupWise Address Book (addrbook . exe) 

+ A third-party plug-in to the GroupWise client API 
A mailbox requires a limited client license only (and is marked as a limited client license mailbox) if 
access to it has been limited to the following: 

+ GroupWise WebAccess (including mobile devices) 

* GroupWise Windows client or WebAccess via the Proxy feature 

+ GroupWise Windows client or WebAccess via the Busy Search feature 

+ A mobile device that is synchronizing GroupWise data by using Novell Data Synchronizer 

+ A POP client 

+ An IMAP client 

+ A SOAP client or a third-party plug-in to the GroupWise SOAP protocol 
A mailbox is considered active for licensing purposes if its owner has performed at least one of the 
following actions in the mailbox: 

+ Sending a message 

+ Opening a message 

+ Deleting a message 

+ Accessing the mailbox from a non-GroupWise client (for example, a POP3 email client) through 


the Internet Agent (GWIA) 


A mailbox is considered inactive for licensing purposes even if its owner has performed one or more 
of the following actions (or similar actions): 

+ Starting and stopping the GroupWise client without doing anything in the mailbox 

* Making changes under Tools > Options 

¢ Creating, modifying, or deleting rules 


+ Granting proxy access so that a user other than the mailbox owner is performing tasks that 
would otherwise indicate an active mailbox 


Managing Post Offices 207 


208 


The mailboxes of GroupWise users and external entities reguire full client licenses. 
To generate an audit report for the post office: 


1 In ConsoleOne, browse to and select the Post Office object. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


| KE Novell Groupwise Mailbox/Library Maintenance 


3 Inthe Action field, select Audit Report. 


KE Novell GroupWise Mailbox/Library Maintenance 


4 Inthe Log Accounts without Activity for nn Days field, select the number of days you want to use 
for the inactivity report. 


The Mailbox/Library Maintenance feature uses the default setting (60 days) to flag all mailboxes 
that have not had any activity within the last 60 days. Select a different number to change the 
time period of the log you generate for the audit report. For example, you could generate a log 
report for the last 30 days. However, if you view the audit information by using Tools > 
GroupWise Diagnostics > Information on a System, Domain, or Post Office object, the information 
is always listed for the 60-day default time period. 
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5 (Conditional) If you want write the report to a log file, click the Logging tab, then specify a name 
for the log file. 


By default, the results are sent as an email message to the domain's GroupWise administrator. 
6 (Conditional) If you want to send the results to additional users: 
Ga Click the Results tab. 
6b Specify the users’ email addresses as a comma-delimited list in the CC field. 
6c Click Message to add personalized text to the message, then click OK. 


7 Click Run, then click OK to acknowledge that the Mailbox/Library Maintenance task has been 
sent to the POA. 


After the POA has performed the task, the audit report is generated in the format (log file or 
email message) you specified. The audit report lists all users who are currently considered 
inactive and flags those that have been inactive for longer than the number of days specified in 
the Log Accounts without Activity for nn Days field. 


Audit reports are stored as part of the information available on Post Office and Domain objects in 
ConsoleOne. Right-click a Domain or Post Office object, then click Tools > Group Wise Diagnostics > 
Information. The information stored on the Domain object is cumulative for all post office in the 
domain for which audit reports have been run. 


Audit reports can also be scheduled to run on a regular basis by properly configuring the POA to 
perform a Mailbox/Library Maintenance event. See Section 36.4.1, “Scheduling Database 
Maintenance,” on page 517. 


Viewing Current Client Usage in the Post Office 


ConsoleOne can display the number of users who are using the Windows client. The client version is 
also displayed. 

1 In ConsoleOne, select a Post Office object, a Domain object, or the GroupWise System object. 

2 Click Tools > Diagnostics > Information to display the client statistics for the selected object. 


3 Click Close when you are finished. 


Tracking and Restricting Client Access to the Post Office 


By default, the post office allows multiple versions of the GroupWise Windows client to access it. 
Using the Web console available for the post office’s POA, you can see the version number of each 
GroupWise client that logs in to the post office in client/server access mode (TCP/IP to the POA). This 
information is displayed on the POA Web console's C/S Users page. For more information, see 
Section 37.2, “Using the POA Web Console,” on page 539. 


IMPORTANT: Because the POA provides the version tracking and enforces the client lockout, this 
functionality applies only to GroupWise clients that are accessing the post office in Client/Server 
Access Mode (not Direct Access Mode). 


To help you better monitor and track which versions of the GroupWise client are being used to access 
the post office, you can specify a preferred GroupWise client version for the post office. Any version 
that does not match the preferred version is highlighted on the POA Web console's C/S Users page. 
Older versions are shown in red, and newer versions are shown in blue. 
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In addition, to restrict which versions of the GroupWise client can access the post office, you can 
choose to lock out any GroupWise clients that are older than the preferred version. If you want to 
lock out all GroupWise clients (for example, to rebuild the post office database), see Section 12.9, 
“Disabling a Post Office,” on page 212. 


To specify a preferred GroupWise client version for the post office and to enable the POA to lock out 
specific GroupWise client versions: 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 
Properties of Development 


Lock Out Older GroupWise Clients 
[T Minimum Client Release Version (x.x.x): 


[ Minimum Client Release Date: 


[ Disable Logins 


[V Enable Intruder Detection 


Incorrect Logins Allowed: 3 + (3-10) 


Incorrect Login Reset Time: 15 a minutes (15-60) 


Lockout Reset Time: 15 à minutes (15+) 


Page Options... Cancel Apply 


3 Fill in the following fields: 


Minimum Client Release Version: Specify the version to use as the post office’s preferred 
GroupWise client version. Any version that does not match the preferred version is highlighted 
on the POA Web console’s C/S Users page. Older versions are shown in red, and newer versions 
are shown in blue. The version number syntax should match what is displayed in the 
GroupWise client’s About GroupWise dialog box. 


For GroupWise 2012, specify 12. 
Minimum Client Release Date: This field is available only if you specify a release version. You 


can use this field to associate an expected release date with the release version. The C/S Users 
page highlights any dates that do not match the one entered here. 


Lock Out Older GroupWise Clients: Select this option for either or both of the above options to 
lock out any GroupWise clients (Client/Server Access Mode only) that are older than the version 
and/or date specified in the Release Version and Release Date fields. For example, if you entered 
8.0.0 in the Release Version field and October 24, 2008 12:00 AM in the Release Date field and 
selected this option for both, any GroupWise client that is older than version 8.0 or is dated 
before October 24, 2008 12:00 AM is not allowed access to the post office. 


The date for GroupWise 2012 is January 17, 2012. 
4 Click OK to save the changes. 
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Securing the Post Office with LDAP Authentication 


For user convenience, you can configure the post office for LDAP authentication, which enables users 
to use their LDAP (network) passwords to access their Group Wise mailboxes, rather than having 
separate GroupWise passwords. The POA performs the LDAP authentication for users in the post 
office. For setup instructions, see Section 36.3.4, “Providing LDAP Authentication for GroupWise 
Users,” on page 510. 


Refreshing the Client View Files in the Post Office 


The GroupWise Windows client software includes view files that control the appearance of the client 
interface. When you copy the client software to a software distribution directory, the view files are 
included. A copy of the view files is also stored in each post office. 


When you use AutoUpdate to force Windows client software updates, as described in Section 77.1, 
“Using GroupWise AutoUpdate and SetupIP to Distribute the Group Wise Windows Client,” on 
page 1069, the AutoUpdate process makes one attempt to update the view files in the post office 
based on the latest client software in the software distribution directory. If that attempt fails, the 
problem is recorded in the POA log file and you can then manually update the view files in the post 
office. 


1 In ConsoleOne, browse to and select the Post Office object whose view files you want to update, 
then click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Validate Database 

C Recover Database 

C Rebuild Database 

C Reclaim Unused Space 

C Rebuild Indexes for Listing 
° Re El 

pE 


fe 
(e 
e 
E 


Description: 
Refresh the client views from the Software Distribution 
Area the post office is assigned to use. 


2 Select Refresh Views, click Run, click Yes, then click OK. 


The POA then retrieves the latest view files from the software distribution directory associated 
with the selected post office. 


IMPORTANT: If you have created custom view files with the same names as standard view 
files, they will be overwritten when the post office view files are refreshed from the software 
distribution directory. If you have such customized view files, you must back them up and then 
restore them so that your customizations are not lost because of the refresh. 
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Disabling a Post Office 


Disabling a post office restricts users from starting the GroupWise Windows client and accessing the 
post office. However, users who are already running the GroupWise client can continue to access the 
post office; after they exit, they cannot access the post office again until the post office is enabled. 


A post office must be disabled if you are rebuilding the post office database (wphost.db). You might 
also want to disable a post office when you are doing a complete GroupWise system backup. That 
ensures that all data is consistent at the time of the backup. 

1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 

2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 


Lock Out Older GroupWise Clients 
F Minimum Client Release Version (x.x.x): 


[ Minimum Client Release Date: 


I Disable Logins 
[V Enable Intruder Detection 


Incorrect Logins Allowed: 3 | (3-10) 


UE ae 
Incorrect Login Reset Time: 15 E minutes (15-60) 


Lockout Reset Time: 15 4 minutes (15+) 


Page Options... OK | Cancel | Apply | Help | 


3 Select Disable Logins, then click OK to disable the post office. 


4 (Conditional) To re-enable logins and make the post office available again, deselect Disable 
Logins. 


Moving a Post Office 


You cannot move a Post Office object in ConsoleOne because it is a container object. Only leaf objects 
can be moved. If you need to change the context, graft the GroupWise post office to its corresponding 
eDirectory object in the new container location. See Section 5.15, “GW / eDirectory Association,” on 
page 99 for more information on grafting objects. 


You can, however, move the post office directory, the post office database (wphost . db), and the other 
databases that reside in the post office by copying the post office directory structure and all its 
contents to the new location. 


IMPORTANT: These instructions are for moving the post office from one location to another on the 
same platform. If you want to move a post office from a Windows server to a Linux server, follow the 
instructions in the GroupWise Server Migration Guide. 
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To move a post office directory structure and all its contents: 
1 Make sure all users are out of the post office, then disable logins to the post office. See 
Section 12.9, “Disabling a Post Office,” on page 212. 
2 Back up the post office. See Chapter 31, “Backing Up GroupWise Databases,” on page 431. 
3 In ConsoleOne, display the Identification page of the post office to move. 


4 Inthe UNC Path field, change the UNC path to the location where you want to move the post 
office, then click OK to save the new location. 


The format of the path in the UNC Path field depends on whether you are running Linux 
ConsoleOne or Windows ConsoleOne, and on whether the post office is on Linux or Windows. 
Retain the original format of the path in your modified version of the location. 


The location change is then propagated up to the domain. 
5 Stopthe POA forthe post office. 
6 (Conditional) On Linux: 
Ga In a terminal window, log in as root, then provide the root password. 


6b Use cp to copy the post office directory and database to the new location: 


cp -r post office directory destination 
7 (Conditional) On Windows: 


7a Use xcopy with the /s and /e options to move the post office directory and its contents: 


xcopy post office directory /s /e destination 
These options re-create the same directory structure even if directories are empty. 
7b Give rights to objects that need to access the post office database. 


For example, if the new location is on a different server, the POA and the GroupWise 
administrators who run ConsoleOne need adequate rights to the new location, as described 
in Chapter 87, “GroupWise Administrator Rights,” on page 1127. 


8 Edit the POA startup file by changing the setting of the /home switch, then restart the POA. 
See Section 36.1.6, “Adjusting the POA for a New Post Office Location,” on page 491. 
9 When you are sure the post office is functioning properly, delete the original post office 


directories. 


If you need to move the POA along with its post office, see Section 36.1.5, “Moving the POA to a 
Different Server,” on page 490. 
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Deleting a Post Office 


You cannot delete a post office until you have deleted or moved all objects that belong to it. Keep the 
POA running until after you have deleted the post office, so that it can process the object deletion 
reguests. 


1 In ConsoleOne, browse to and right-click the Post Office object to delete, then click Properties. 


Properties of Development 
i [| NDS Rights + | Other | Rights to Files and Folders 
v Identification 

Post Office Settings 

Client Access Settings Provol Development 
Membership 
Resources 
Distribution Lists 
Libraries 


VJBD-GWimaillgwsystemidev 


Gateway Aliases English -u5 7 
Internet Addressing — 
Security 

Default WebAccess 12 
Calendar Publishing 


(GMT-07:00) Mountain Time (US & Canada) 


View Client Options | { Configure Non-DOS Name Space Access 


Click GroupWise > Resources, then delete any resources that still belong to the post office. 


See Section 16.6, “Deleting a Resource,” on page 274. You must delete resources before users, 
because users who own resources cannot be deleted without assigning a new owner in the same 
post office. 


Click Group Wise > Membership, then delete or move any users that still belong to the post office. 


See Section 14.11, “Removing GroupWise Accounts,” on page 255 and Section 14.4, “Moving 
GroupWise Accounts,” on page 234. 


Click GroupWise > Distribution Lists, then delete any distribution lists that still belong to the post 
office. 


See Section 18.8, “Deleting a Distribution List,” on page 294. 

Click GroupWise > Libraries, then delete any libraries that still belong to the post office. 
See Section 22.6.7, “Deleting a Library,” on page 354. 

Click OK to perform the deletions. 


As an alternative, it is very easy to perform such deletions in the GroupWise View. Select the 
Post Office object in the GroupWise View, then use the drop-down list of objects to display 
objects of each type that still belong to the post office. Delete any residual objects in the Console 
View. 


In ConsoleOne, browse to and right-click the Domain object that owns the post office to delete, 
then click Properties. 


8 Click GroupWise > Post Offices, select the post office to delete, then click Delete. 
9 Stop the POA for the post office. 
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10 


Uninstall the POA software if applicable, as described in the following sections in the GroupWise 
2012 Installation Guide: 


¢ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


Changing POA Configuration to Meet Post Office Needs 


Because the POA delivers messages to mailboxes, responds in real time to client/server users, and 
maintains all databases located in the post office, its functioning affects the post office and all users 
who belong to the post office. Proper POA configuration is essential for a smoothly running 
GroupWise system. Complete details about the POA are provided in Part IX, “Post Office Agent,” on 
page 469. As you create and manage post offices, you should keep in mind the following aspects of 
POA configuration: 


+ 


+ 


+ 


+ 


+ 


Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 508 
Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 510 
Section 36.3.5, “Enabling Intruder Detection,” on page 516 

Section 36.2.3, “Supporting IMAP Clients,” on page 498 

Section 36.2.4, “Supporting SOAP Clients,” on page 499 

Section 38.1, “Optimizing Client/Server Processing,” on page 559 

Section 36.4.1, “Scheduling Database Maintenance,” on page 517 

Section 36.4.3, “Performing Nightly User Upkeep,” on page 523 

Section 36.2.7, “Restricting Message Size between Post Offices,” on page 504 
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V Users 


+ Chapter 13, “Creating GroupWise Accounts,” on page 219 
+ Chapter 14, “Managing GroupWise Accounts and Users,” on page 229 


Users 217 
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Creating GroupWise Accounts 


For users to be able to use GroupWise, you must give them GroupWise accounts. A GroupWise 
account defines the user in the GroupWise system by providing the user with a GroupWise user ID 
and GroupWise mailbox. 


You can give GroupWise accounts to Novell eDirectory users during or after their creation in 
eDirectory. You can also give GroupWise accounts to users who do not have eDirectory accounts. 
Refer to the following sections for details: 


+ Section 13.1, “Establishing a Default Password for All New GroupWise Accounts,” on page 219 
+ Section 13.2, “Creating GroupWise Accounts for eDirectory Users,” on page 220 

+ Section 13.3, “Creating GroupWise Accounts for Non-eDirectory Users,” on page 224 

+ Section 13.4, “Educating Your New Users,” on page 226 


13.1 Establishing a Default Password for All New GroupWise 
Accounts 


To save time and energy when you are creating new GroupWise accounts, you can establish a default 
password to use for all new accounts. 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences > Default Password. 


GroupWise System Preferences 


i ‘outing Options | External Access Rights | Nickname Settings 
He Default Password” “il Admin Lockout Settings Archive Service Settings 


Default password for new users: | 


2 Type the password you want to use as the default, then click OK. 

3 Explain to users how to set their own passwords in GroupWise, as described in: 
+ “Assigning a Password to Your Mailbox” in the GroupWise 2012 Windows Client User Guide 
+ “Changing Your Password” in the GroupWise 2012 WebAccess User Guide 


Users cannot change their passwords using GroupWise WebAccess Mobile on tablet devices. 
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13.2 Creating GroupWise Accounts for eDirectory Users 


13.2.1 


220 


Depending on your needs, you can choose from the following methods to create GroupWise accounts 
for eDirectory users: 


+ Creating a Single GroupWise Account: You can create a GroupWise account for a single 


eDirectory user by editing the GroupWise information on his or her User object. This method 
lets you create the GroupWise account on any post office, select the GroupWise user ID, and 
configure optional GroupWise information. It provides the most flexibility in creating a user’s 
GroupWise account. 


Creating Multiple GroupWise Accounts: You can create GroupWise accounts for multiple 
eDirectory users by editing the membership information on a Post Office object. This method 
allows you to quickly add multiple users to the same post office at one time. However, you 
cannot select the user’s GroupWise user ID; instead, the user’s eDirectory user name is 
automatically used as his or her GroupWise user ID. In addition, to configure other optional 
GroupWise information for a user, you need to modify each User object. 


Creating a Single GroupWise Account 


To create a GroupWise account for an eDirectory user: 


1 In ConsoleOne, right-click the User object, then click Properties. 
2 Click GroupWise > Account to display the Account page. 


Properties of scarter 


Security + | Login Methods + | General v Restrictions v | Memberships + | Security Equal To Me! 


Post Office: 
Mailbox ID: scarter 


visibility: 


External Sync Override: 
Account ID: 


File ID: 


Expiration Date: 


Gateway Access: 


LDAP Authentication: 


Restore Area: 


3 Fillinthe following fields: 


Post Office: Select the post office where you want the user's mailbox created. 


Mailbox ID: The mailbox ID (also referred to as the GroupWise user ID or user name) defaults 
to the eDirectory user name. You can change it if necessary. 
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Do not use any of the following invalid characters in the mailbox ID: 


ASCII characters 0-31 Comma , 


Asterisk * Double guote “ 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses () 

Braces { } Period . 

Colon : Slash / 


IMPORTANT: Each user’s mailbox ID becomes part of the user’s email address. Characters that 
are valid and even desirable in a mailbox ID, such as accented characters, might not be valid in 
an email address. For some users, you might need to set up a preferred email ID in order to 
ensure that they have a valid email address. For instructions, see Section 14.7.2, “Changing a 
User’s Internet Addressing Settings,” on page 249. 


Click Apply to create the account. 


You must create the account by clicking Apply (or OK) before you can modify any of the other 
fields, including the GroupWise password. 


If desired, modify any of the following optional fields: 


Visibility: Select the level at which you want the user to be visible in the Address Book. System 
enables the user to be visible to all users in your GroupWise system. Domain enables the user to 
be visible to all users in the same domain as the user. Post Office enables the user to be visible to 
all users on the same post office as the user. Setting the visibility level to None means that no 
users can see the user in the Address Book. However, even if the user is not displayed in the 
Address Book, other users can send messages to the user by typing the user’s ID (mailbox ID) in 
a message's To field. 


External Sync Override: This option applies only if your GroupWise system links to and 
synchronizes with an external system, as described in “Connecting to Other GroupWise 
Systems” in the GroupWise 2012 Multi-System Administration Guide. 


+ Synchronize According to Visibility: The user information is synchronized to external 
systems only if visibility is set to System. 


+ Synchronize Regardless of Visibility: The user information is synchronized to external 
systems regardless of the object visibility. 


+ Don’t Synchronize Regardless of Visibility The user information is not synchronized to 
external systems. 


Account ID: This option applies only if you have a GroupWise gateway that supports 
accounting. For more information about gateway accounting, see your GroupWise gateway 
documentation (http://www.novell.com/documentation/gwgateways). 


File ID: This three-letter ID is randomly generated and is non-editable. It is used for various 
internal purposes within the GroupWise system, including ensuring that files associated with 
the user have unique names. 


Expiration Date: If you want the user’s GroupWise account to no longer work after a certain 
date, specify the expiration date. This date applies to the user’s GroupWise account only; it is 
independent of the eDirectory account expiration date (User object > Restrictions > Login 
Restrictions). For more information, see Section 14.11.2, “Expiring a GroupWise Account,” on 
page 257. 
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Gateway Access: This option applies only if you have GroupWise gateways that support access 
restrictions. For more information, see your Group Wise gateway documentation (http:// 
www.novell.com/documentation/gwgateways). 


Disable Logins: Select this option to prevent the user from accessing his or her GroupWise 
mailbox. For more information, see Section 14.9, “Disabling and Enabling GroupWise 
Accounts,” on page 254. 


LDAP Authentication: This option applies only if you are using LDAP to authenticate users to 
GroupWise, as described in Section 36.3.4, “Providing LDAP Authentication for GroupWise 
Users,” on page 510, and if the LDAP server is not a Novell LDAP server. If this is the case, 
specify the user’s LDAP authentication ID. 


Restore Area: This field applies only if you are using the GroupWise backup and restore 
features. If so, this field indicates the location where the user’s mailbox is being backed up. For 
details, see Chapter 32, “Restoring GroupWise Databases from Backup,” on page 433. 


View Client Options: Click View Client Options as a convenient shortcut for Tools > GroupWise 
Utilities > Client Options in order to modify client options for the currently selected user. For 
more information, see Chapter 76, “Setting Defaults for the GroupWise Client Options,” on 
page 1025. 


Change GroupWise Password: Click this option to assign a password to the user’s GroupWise 
account or change the current password. The user is prompted for this password each time he or 
she logs in to GroupWise. 


To be able to skip this option by setting a default password, see Section 13.1, “Establishing a 
Default Password for All New GroupWise Accounts,” on page 219. 


Delete GroupWise Account: Click this option to delete the user’s GroupWise account. This 
includes the user’s mailbox and all items in the mailbox. The user’s eDirectory account is not 
affected. For more information, see Section 14.11, “Removing GroupWise Accounts,” on 
page 255 


E-Mail Address: Displays the default email address for the user. Click the drop-down list to 
specify a custom email address. 


GroupWise Resource objects and Distribution List objects have this field on their Identification 
page. User objects have this GroupWise field on their General page along with other eDirectory 
user information. 


Click Apply to save the changes. 
Click GroupWise > General > Identification to display the user’s current eDirectory information. 


This information appears in the GroupWise Address Book, as described in Chapter 6, 
“GroupWise Address Book,” on page 105. If you keep private information in the Description field 
of the User object, you can prevent this information from appearing the GroupWise Address 
Book. See Section 6.1.6, “Preventing the User Description Field from Displaying in the Address 
Book,” on page 109. 


8 Make sure that the user’s eDirectory information is current, then click OK. 


Creating Multiple GroupWise Accounts 


If you have multiple eDirectory users who will have GroupWise accounts on the same post office, 
you can use the Post Office object’s Membership page to quickly add the users and create their 
accounts. Each user’s GroupWise user ID will be the same as his or her eDirectory user name. 


To create GroupWise accounts for multiple eDirectory users: 


1 In ConsoleOne, right-click the Post Office object, then click Properties. 
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2 Click GroupWise > Membership to display the Membership page. 


NDS Rights v | Other | Rights to Files and Folders 


3 Click Add, select the eDirectory user you want to add to the post office, then click OK to add the 
user to the post office’s membership list. 


By default, the user’s eDirectory user name is used as the GroupWise ID. 


A GroupWise user ID cannot contain any of the following invalid characters: 


ASCII characters 0-31 Comma , 


Asterisk * Double quote “ 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses () 

Braces { } Period . 

Colon : Slash / 


IMPORTANT: Each user’s GroupWise ID becomes part of the user’s email address. Characters 
that are valid and even desirable in a GroupWise ID, such as accented characters, might not be 
valid in an email address. For some users, you might need to set up a preferred email ID in order 
to ensure that they have a valid email address. For instructions, see Section 14.7.2, “Changing a 
User’s Internet Addressing Settings,” on page 249. 
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4 Repeat Step 3 to create additional GroupWise accounts in the post office. 


Properties of Development 


NDS Rights v | Other | Rights to Files and Folders 


Users: 
askoczylas,Users,Docdey.Novell 
asmith Users.Docdev. Novell 
jpangilinan.Users.Docdev.Novell 
khuang.Users.Docdev. Novell 
mbarnard.Users.Docdev.Novell 
mpalu,Users.Docdev.Novell 
thu.Users.Docdev. Novell 
xdominguez.Users.Docdew.Novell 


Page Options... 


5 When you are finished, click OK to save the changes. 


13.3 Creating GroupWise Accounts for Non-eDirectory Users 


If you have users who do not have eDirectory accounts, you can still assign them GroupWise 
accounts by defining them as GroupWise external entities in eDirectory. Defining a user as a 
GroupWise external entity provides the user with access to GroupWise only; it does not enable the 
user to log in to eDirectory. External entities have eDirectory objects, but they are not considered 
eDirectory users for licensing purposes. 


To create a GroupWise account for a non-eDirectory user: 


1 In ConsoleOne, right-click the eDirectory container where you want to create the user's 
GroupWise External Entity object, then click New > Object to display the New Object dialog box. 


2 Select GroupWise External Entity, then click OK to display the Create GroupWise External Entity 
dialog box. 


Create GroupWise External Entity 


GroupWise Object ID: Lx | 
Last Name: cca | 


[ Help 


GroupWise Post Office: 


| | 
External Network ID: 


[ Define additional properties 


[ Create another External Entity 


3 Fillinthe following fields: 


GroupWise Object ID: Specify the user's GroupWise ID. The user's ID along with the user's 
post office and domain, provide the user with a unique name within the Group Wise system 
(userID.po.domain). 
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Do not use any of the following invalid characters in the GroupWise object ID: 


ASCII characters 0-31 Comma, 


Asterisk * Double quote “ 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses () 

Braces { } Period . 

Colon : Slash / 


IMPORTANT: Each user’s GroupWise ID becomes part of the user’s email address. Characters 
that are valid and even desirable in a GroupWise ID, such as accented characters, might not be 
valid in an email address. For some users, you might need to set up a preferred email ID in order 
to ensure that they have a valid email address. For instructions, see Section 14.7.2, “Changing a 
User’s Internet Addressing Settings,” on page 249. 


Last Name: Specify the user’s last name. 

GroupWise Post Office: Select the post office where you want the user’s mailbox. 

External Network ID: Specify the user’s network ID for the network that he or she logs in to. 
4 Select Define Additional Properties, then click OK to display the GroupWise Identification page. 


Properties of eedington 


General v | Restrictions + | Memberships + | Security Equal To Me | Login Script | NDS Rights + |/ 


Network ID: feedington 


Description: 


Given Name: 


Last Name: Edington 


Title: 


Department: 


Phone: 
Fax: 


Mobile Phone: 


Home Phone: 


E-Mail Address: | eedington@Corporate.net 


View Client Options 
Page Options... 


5 If desired, fill in any of the fields on the Identification page. 


This information appears in the GroupWise Address Book, as described in Section 6.1, 
“Customizing Address Book Fields,” on page 105. If you want to keep private information in the 
Description field, you can prevent this information from appearing the GroupWise Address 
Book. See Section 6.1.6, “Preventing the User Description Field from Displaying in the Address 
Book,” on page 109. 
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13.4.1 


6 If you wantthe external entity user to be able to access his or her GroupWise mailbox using 
LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for 
GroupWise Users,” on page 510, click GroupWise > Account, then provide the fully distinguished 
name of the user's External Entity object in LDAP format (for example, 
cn=user id,ou=orgunit, o=organization). 


7 Click OK to save the information. 


The user is given a GroupWise mailbox in the post office you selected and can access his or her 
mailbox through the GroupWise client. 


Educating Your New Users 


After users can log in to their GroupWise accounts, all of the GroupWise client's features are at their 
fingertips, but some new users do not know how to get started. You can give your users the following 
suggestions to encourage them to explore Group Wise. 

+ Section 13.4.1, “GroupWise Windows Client,” on page 226 

+ Section 13.4.2, “GroupWise WebAccess,” on page 227 

+ Section 13.4.3, “Group Wise WebAccess Mobile,” on page 227 
You can also provide users with Quick Starts that cover specialized GroupWise functionality: 

+ Calendar Publishing Quick Start (http://www.novell.com/documentation/groupwise2012/pdfdoc/ 

gw2012 gs calpubuser/gw2012 gs calpubuser.pdf) 


+ GroupWise and Skype Quick Start (http://www.novell.com/documentation/groupwise2012/ 
pdfdoc/gw2012_qs_skype/gw2012_qs_skype.pdf) 

+ GroupWise and Messenger Quick Start (http://www.novell.com/documentation/groupwise2012/ 
pdfdoc/gw2012_qs_messenger22/gw2012_qs_messenger22.pdf) 

+ GroupWise and Vibe Quick Start (http://www.novell.com/documentation/groupwise2012/pdfdoc/ 
gw2012_qs_vibe/gw2012_qs_vibe.pdf) 


+ WebAccess Basic Interface Quick Start (http://www.novell.com/documentation/groupwise2012/ 
pdfdoc/gw2012_qs_webaccbasic/gw2012_qs_webaccbasic.pdf) for mobile device users 


You can also refer users to the GroupWise 2012 User Frequently Asked Questions (http:// 
www.novell.com/documentation/groupwise2012/gw2012 guide userfag/data/ 
gw2012 guide userfag.html). 


NOTE: For convenience in printing, all GroupWise User Guides are available in PDF format at the 
GroupWise 2012 Documentation Web site (http://www.novell.com/documentation/groupwise2012). 


GroupWise Windows Client 


In the GroupWise Windows client: 


+ Click Help > Help Topics to learn to perform common GroupWise tasks. 
+ Click Help > What's New to learn about the latest new GroupWise features. 


+ Click Help > Training and Tutorials to display the BrainStorm, Inc. OuickHelp for GroupWise 2012 
(http://www.brainstorminc.com/landing/product-integration/novell/gw-2012-guickhelp.aspx) 
or customized training materials provided for your users. 
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Use ConsoleOne to change the URL that displays when users click Help > Training and Tutorials. 
In ConsoleOne, use Client Options > Environment > Tutorial to specify the URL for your 
customized training materials. 


+ Click Help > User Guide to view the Group Wise 2012 Windows Client User Guide in HTML format. 
The guide includes more background information on GroupWise features than the Help does. 


13.4.2 GroupWise WebAccess 


In GroupWise WebAccess: 


+ Click Help to learn to perform common GroupWise tasks. 
+ Click Help > What's New in GroupWise 2012 to learn about the latest new GroupWise features. 


+ Click Help > Novell GroupWise 2012 Documentation Web Site to access the GroupWise 2012 
WebAccess Mobile User Guide. The guide includes more background information on GroupWise 
features than the Help does. 


13.43 GroupWise WebAccess Mobile 


In GroupWise WebAccess Mobile: 


+ Click Help to learn to perform common GroupWise tasks. 
+ Click Help > What's New in GroupWise 2012 to learn about the latest new GroupWise features. 


+ Click Help > Novell GroupWise 2012 Documentation Web Site to access the GroupWise 2012 
WebAccess User Guide. The guide includes more background information on GroupWise features 
than the Help does. 
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Managing GroupWise Accounts and 
Users 


As your GroupWise system grows, you will need to add users and manage their GroupWise 
accounts. 

+ Section 14.1, “Adding a User to a Distribution List,” on page 229 

+ Section 14.2, “Allowing Users to Modify Distribution Lists,” on page 230 

+ Section 14.3, “Adding a Global Signature to Users’ Messages,” on page 231 

+ Section 14.4, “Moving GroupWise Accounts,” on page 234 

+ Section 14.5, “Renaming Users and Their GroupWise Accounts,” on page 242 

+ Section 14.6, “Managing Mailbox Passwords,” on page 243 

+ Section 14.7, “Managing User Email Addresses,” on page 247 

+ Section 14.8, “Checking GroupWise Account Usage,” on page 253 

+ Section 14.9, “Disabling and Enabling GroupWise Accounts,” on page 254 

+ Section 14.10, “Unlocking GroupWise Accounts,” on page 254 


¢ Section 14.11, “Removing GroupWise Accounts,” on page 255 
See also: 


¢ Chapter 26, “Maintaining Domain and Post Office Databases,” on page 401 
* Chapter 27, “Maintaining User/Resource and Message Databases,” on page 409 
* Chapter 31, “Backing Up GroupWise Databases,” on page 431 


Proper database maintenance and backups allow recovery from accidental deletions, as described in 
the following sections: 


+ Section 32.5, “Restoring Deleted Mailbox Items,” on page 435 
+ Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 438 


14.1 Adding a User to a Distribution List 


GroupWise distribution lists are sets of users and resources that can be addressed as a single entity. 
When a GroupWise user addresses an item (message, appointment, task, or note) to a distribution 
list, each user or resource that is a member receives a copy of the item. 


To add a user to a distribution list: 


1 In ConsoleOne, right-click the User object, then click Properties. 
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2 Click GroupWise > Distribution Lists to display the Distribution Lists page. 


Properties of mpalu 


Security -| Login Methods + | General -| GroupWise v | Restrictions + | Memberships + | Security Equal To Mi 
| Distribution Lists 


Membership Participation 
Salesmen@Provo2.Sales To 


[ESE 


Properties of mpalu 


Security -| Login Methods + | General -| GroupWise v | Restrictions + | Memberships + | Security Equal To Mi 
| Distribution Lists 


Membership Participation 
Salesmen@Provo2.Sales To 


Ces) Ce 


By default, the user is added as a primary recipient (To recipient). 


4 If you want to change the resource’s recipient type, select the distribution list, click Participation, 
then click To, CC, or BC. 


5 Click OK to save your changes. 


14.2 Allowing Users to Modify Distribution Lists 


Because distribution lists are created in ConsoleOne, users by default cannot modify them. However, 
in ConsoleOne, you can grant rights to selected users to modify specific distribution lists. For setup 
instructions, see Section 18.6, “Enabling Users to Modify a Distribution List,” on page 291. 
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14.3 


14.3.1 


Adding a Global Signature to Users' Messages 


You can build a list of globally available signatures to be automatically appended to messages sent by 
GroupWise client users. Global signatures are created in HTML format. For users who prefer the 
Plain Text compose view in the GroupWise client, a plain text version of the signature is appended 
instead of the HTML version. When this occurs, HTML formatting and embedded images are lost, 
but you can customize the plain text version as needed to compensate for the loss of HTML 
formatting. 


For Windows client users, the global signature is appended by the client to messages after any 
personal signatures that users create for themselves. It is appended after the user clicks Send. If S/ 
MIME encryption is enabled, the global signature is encrypted along with the rest of the message. 
Windows client users can choose whether global signatures are appended only for recipients outside 
the local GroupWise system or for all recipients, local as well as external. For Windows client users, 
you can assign a global signature based on users, resources, post offices, and domains. 


For all client users, the Internet Agent (GWIA) can append global signatures to the end of messages 
for recipients outside the local GroupWise system. However, the GWIA does not append global 
signatures to S/MIME-encoded messages, nor does it duplicate global signatures already appended 
by the Windows client. You can assign a default global signature for all users in your system and then 
override that default by editing the properties of each GWIA object 

+ Section 14.3.1, “Creating Global Signatures,” on page 231 

+ Section 14.3.2, “Selecting a Default Global Signature for All Outgoing Messages,” on page 232 

+ Section 14.3.3, “Assigning Global Signatures to GWIAs,” on page 233 

+ Section 14.3.4, “Assigning Global Signatures to Windows Client Users,” on page 233 

+ Section 14.3.5, “Excluding Global Signatures,” on page 234 


NOTE: If a user sends an external message with a subject only (no message body), a global signature 
is not appended. This is working as designed. The presence of a global signature on an external 
message with an empty message body would prevent the GWIA /flatfwd switch from functioning 
correctly. 


Creating Global Signatures 


1 Click Tools > GroupWise System Operations > Global Signatures. 


Global Signatures 
Global Signatures: = 
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2 Click Create to create a new global signature. 


Global Signature 


(2) (2) (x) Le) (2) [21] roromeees ~Ile ~ (2) e) (63) 


Plain Text 


3 Specify a descriptive name for the signature. 


4 Compose the signature using the basic HTML editing tools provided, then click OK to add the 
new signature to the list in the Global Signatures dialog box. 


5 If you want to check or edit the text version of the signature that was automatically generated: 
5a Select the new signature, then click Edit. 


5b Modify the text version of the signature as needed, then click OK. 
6 Click OK in the Global Signatures list dialog box to save the list. 


14.3.2 Selecting a Default Global Signature for All Outgoing Messages 


If you want the GWIA to append a global signature to all outgoing messages: 


1 Click Tools > GroupWise System Operations > Global Signatures. 
2 Click Settings. 


Global Signature Settings 


Select a default Global Signature to insert in 
outbound messages: 


Cancel 
[em 


Help 


3 Inthe drop-down list, select the default global signature, then click OK. 
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14.3.3 Assigning Global Signatures to GWIAs 


If your organization needs more than one global signature on outgoing messages, you can assign 
different global signatures to GWIAs as needed. 


1 Browse to and right-click an GWIA object, then click Properties. 
2 Click SMTP/MIME > Message Formatting. 


Properties of GWIA 


DAP | POP31M4P4 | Server Directories | Access Control + | Reattach | Post Office Links | Gri 


Inbound Settings 


Number of inbound conversion threads: 


Outbound Settings 


Number of outbound conversion threads: 


Default message encoding: 

( Basic RFC-822 

r 

© MIME 
Message text line wrapping: 
[V Enable quoted printable text line wrapping 
Line wrap length for message text on outbound mail [ 72 +4 
|” Enable flat-forwarding 


Default Global Signature to insert in outbound messages: Defined at:Corporate Mail 
[ Override 


D Apply Global Signature to relay messages 


I Disable mapping x-priority fields 


Page Options... OK | Cancel | Apply | Help | 


3 Under Default Global Signature to Insert in Outbound Messages, select Override, then select the 
global signature that you want this GWIA to append to messages. 


4 Click OK to save the setting. 


14.3.4 Assigning Global Signatures to Windows Client Users 


For Windows client users, you can assign different global signatures to different sets of users by 
domain, post office, and individual user. 


A global signature set at the post office level overrides the global signature set at the domain level. A 
global signature set at the user level overrides the global signature set at the post office and domain 
level. 


1 Browse to and select the domain, post office, or set of users to which you want to assign a global 
signature. 


2 Click Tools > GroupWise Utilities > Client Options. 
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14.3.5 


14.4 


3 Double-click Send, then click Global Signature. 


Send Options: Development 


Send Options | Mai | Appt | Task | Note | Security | Disk Space Mant | 


Global Signature 


JeNone= =] ER) 
8| 


Restore Default Settings 


4 Inthe Global Signature drop-down list, select the global signature that you want to use. 


By default, the selected signature is applied only to messages that are being sent outside your 
GroupWise system. 


5 Select Apply Signature to All Messages if you want to also use global signatures internally. 
6 Click OK to save the settings. 


Excluding Global Signatures 


You might have a domain, post office, or set of users where you do not want the global signature to 
be added to messages. You can suppress global signatures at the domain, post office, or user level. 


1 Browse to and select the domain, post office, or users for which you want to suppress a global 
signature. 

2 Click Tools > GroupWise Utilities > Client Options. 

3 Double-click Send, then click Global Signature. 

4 Inthe Global Signature drop-down list, select <None>, then click OK. 


Moving GroupWise Accounts 


Expansion or consolidation of your GroupWise system can make it necessary for you to move 
GroupWise accounts from one post office to another. 


When you move a GroupWise account, the user’s mailbox is physically moved from one post office 
directory to another. The user’s Novell eDirectory object, including the GroupWise account 
information, remains in the same eDirectory container. 
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14.4.1 


14.4.2 


When you move a user's GroupWise account, all items are moved correctly and all associations 
(proxy rights, shared folder access, and so on) are resolved so that the move is transparent to the user. 
Occasionally, some client options the user has set (GroupWise client > Tools > Options) might be lost 
and must be re-created for the new mailbox. 


The following sections provide information you should know before performing a move and 
instructions to help you perform the move. 

+ Section 14.4.1, “Live Move vs. File Transfer Move,” on page 235 

+ Section 14.4.2, “Preparing for a User Move,” on page 235 


+ Section 14.4.3, “Moving a GroupWise Account to Another Post Office in the Same eDirectory 
Tree,” on page 236 


+ Section 14.4.4, “Moving a GroupWise Account to Another Post Office in a Different eDirectory 
Tree,” on page 238 


+ Section 14.4.5, “Monitoring User Move Status,” on page 240 


Live Move vs. File Transfer Move 


GroupWise provides two types of moves: a live move and a file transfer move. 


A live move uses a TCP/IP connection between Post Office Agents (POAs) to move a user from one 
post office to another. In general, a live move is significantly faster (approximately 5 to 10 times) than 
a file transfer move. However, it does reguire that TCP/IP is functioning efficiently between the two 
POAs. 


A file transfer move uses the transfer of message files (using POAs and MTAs) rather than a TCP/IP 
connection between POAs. A file transfer move is required if you are moving a user across a WAN 
link where TCP/IP might not be efficient. 


By default, when you initiate a user move, the post office's POA attempts to establish a live move 
session with the destination post office’s POA. If it cannot, a file transfer move is used instead. 


If desired, you can disable the live move capability (Post Office object > Group Wise > Identification > 
Disable Live Move). Any moves to or from the post office would be done by file transfer. 


Preparing for a User Move 


Proper preparation can make the process of moving users go more smoothly. Consider the following 
before moving a user's GroupWise account: 


+ Make sure the POAs for the user's current post office and destination post office are running. 


See Chapter 37, “Monitoring the POA,” on page 525. 


+ Configure both POAs for verbose logging, in case troubleshooting is required during the user 
move process. 


See Section 37.3, “Using POA Log Files,” on page 551. 


+ If you are performing the user move during off hours, optimize both POAs for the user move 
process. On the Agent Settings property page of the POA object in ConsoleOne, set Max Thread 
Usage for Priming and Moves to 80%. Set Client/Server Handler Threads to 40. If you must move 
multiple users during regular work hours, you can set up additional POA instances customized 
for the user move process. This would prevent the user move process from impacting users’ 
regular activities in their mailboxes. 


Managing GroupWise Accounts and Users 235 


14.4.3 


See Section 38.2.2, “Configuring a Dedicated Message File Processing POA (Windows Only),” 
on page 565. 


Make sure the Message Transfer Agent (MTA) for the user’s current domain and destination 
domain (if different) are running. 


See Chapter 43, “Monitoring the MTA,” on page 659. 
Make sure that all links between POAs and MTAs are all open. 


See Section 10.2, “Using the Link Configuration Tool,” on page 161, Section 71.3.1, “Link Trace 
Report,” on page 979, and Section 71.3.2, “Link Configuration Report,” on page 980. 


Make sure that all domain databases along the route for the user move are valid. 
See Section 26.1, “Validating Domain or Post Office Databases,” on page 401. 


Make sure that the mailbox to move is valid. Select the Structure, Index, and Contents options in 
GroupWise Check (GWCheck) or in Mailbox/Library Maintenance in ConsoleOne. 


See Section 27.1, “Analyzing and Fixing User and Message Databases,” on page 409. 


Enable automatic creation of nicknames for moved users, so that replies and forwarded 
messages can be delivered successfully after the user has been moved. 


See Section 4.2.4, “Nickname Settings,” on page 75. 


A user who owns a resource cannot be moved. If the user owns a resource, reassign ownership 
of the resource to another user who is on the same post office as the resource. You can do this 
beforehand, or when initiating the user move. 


See Section 16.2, “Changing a Resource’s Owner,” on page 271 


(Optional) To reduce the number of mailbox items that must be moved, consider asking the user 
to clean up his or her mailbox by deleting or archiving items. Have the user empty the Trash so 
that deleted items are not moved with the user. 


(Optional) Have the user exit the GroupWise client and GroupWise Notify before you initiate 
the move. When the move is initiated, the user’s POA first creates an inventory list of all 
information in the user’s mailbox. This inventory list is sent to the new post office’s POA so that 
it can verify when all items have been received. If the user has not exited when the move begins, 
the user is automatically logged out so that the inventory list can be built. However, after the 
move has been initiated, the user can log in to his or her new mailbox even if the move is not 
complete. 


Moving a GroupWise Account to Another Post Office in the Same 
eDirectory Tree 


The following steps apply only if the user’s current post office and destination post office are located 
in the same eDirectory tree. If not, see Section 14.4.4, “Moving a GroupWise Account to Another Post 
Office in a Different eDirectory Tree,” on page 238. 


To move a user’s GroupWise account to a different post office in the same eDirectory tree: 


1 In ConsoleOne, connect to the domain that owns the destination post office where you are 


moving the user. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


2 Inthe GroupWise View, right-click the User object or GroupWise External Entity, then click Move 


to display the GroupWise Move dialog box. 
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If you want to move multiple users from the same post office to another post office, select all the 
User objects, right-click the selected objects, then click Move. 


GroupWise Move cbolton 


Move to post office: 


Cancel Help 


3 Select the post office to which you want to move the user's account, then click OK. 


If the user owns a resource, the following dialog box appears. 


Choose New Owner 


Provo1.Developmentjpangilinan. The user owns resources. 
Please choose another user to be the owner for these resources. 


Owner: [ ® 


| Cancel | Help | 


4 Select a new owner for the resource, then click OK. 


5 Keep track of the user move process using the User Move utility. See Section 14.4.5, “Monitoring 
User Move Status,” on page 240 


Resolving Addressing Issues Caused By Moving an Account 


The user's new address information is immediately replicated to each post office throughout your 
system so that the GroupWise Address Book contains the user's updated address. Any user who 
selects the moved user from the GroupWise Address Book can successfully send messages to the 
USET. 


However, some users might have the user's old address (GroupWise user ID) in their Freguent 
Contacts Address Book. In this case, if the sender types the moved user's name in the To field rather 
than selecting it from the Address Book, GroupWise uses the old address stored in the Freguent 
Contacts Address Book instead of the new address in the Group Wise Address Book. This results in 
the message being undeliverable. The POA automatically resolves this issue when it performs its 
nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on page 523). During the 
nightly user upkeep process, the POA ensures that all addresses in a user's Freguent Contacts 
Address Book are valid addresses in the GroupWise Address Book. 


If you want to ensure that messages sent to the user's old address are delivered even before the POA 
cleans up the Freguent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 
User,” on page 252. To have a nickname created automatically when the user is moved, see 

Section 4.2, “System Preferences,” on page 72. 


Managing GroupWise Accounts and Users 237 


14.4.4 


Moving a GroupWise Account to Another Post Office in a Different 
eDirectory Tree 


A GroupWise system can span multiple eDirectory trees, provided that all components for a single 
domain (post offices, users, resources, and so on) are all in the same eDirectory tree. For example, a 
user cannot be located in one tree and his or her post office in another. 


If necessary, you can move a user's account from a post office in one eDirectory tree to a post office in 
another eDirectory tree as long as the post offices are in the same GroupWise system. This reguires 
the user to have a User object (or GroupWise External Entity object) in the eDirectory tree to which 
his or her GroupWise account is being moved. 


To move a user's GroupWise account to a post office in a different eDirectory tree: 


1 Make sure the user has a User object or GroupWise External Entity object in the eDirectory tree 


to which his or her GroupWise account is being moved. 


In ConsoleOne, right-click the User object or GroupWise External Entity object (in the 
GroupWise View) > click Move to display the GroupWise Move dialog box. 


If you want to move multiple users from the same post office to another post office, select all the 
User objects, right-click the selected objects > click Move. 


GroupWise Move cbolton 


Move to post office: 


Cancel Help 


Select the post office to which you want to move the user's account, then click OK. 


If the user owns a resource, the following dialog box appears. 


Choose New Owner 


Provo1.Developmentjpangilinan. The user owns resources. 
Please choose anotheruserto be the ownerforthese resources. 


Owner: [ D 


| Cancel | Help 


4 Select a new owner for the resource, then click OK. 


5 Keep track of the user move process by using the User Move utility to determine when the user 


has been successfully moved. See Section 14.4.5, “Monitoring User Move Status,” on page 240. 


In the destination eDirectory tree, right-click the User object or GroupWise External Entity object 
where the GroupWise account will be assigned, then click Properties. This is the object referred to 
in Step 1. 
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7 Click GroupWise > Account to display the Account page. 


Properties of scarter 
Security + | Login Methods + | General ~ | GroupWise v i| Restrictions + | Memberships + | Security Equal To Me! 
count H 


Post Office: 


Mailbox ID: [scarter 
Visibility: 


External Sync Override: 


Account ID: 
File ID: 


Expiration Date: 


Gateway Access: 


LDAP Authentication: 


Restore Area: 


8 In the Post Office field, select the post office that the user’s GroupWise account was moved to. 


9 Inthe Mailbox ID field, make sure that the mailbox ID is the same as the user’s mailbox ID 
(GroupWise user ID) on his or her original post office. 


10 Click OK. 


A dialog box appears asking if you want to match the GroupWise account to this eDirectory 
user. 


11 Click Yes. 


Resolving Addressing Issues Caused By Moving an Account 


The user’s new address information is immediately replicated to each post office throughout your 
system so that the GroupWise Address Book contains the user’s updated address. Any user who 
selects the moved user from the GroupWise Address Book can successfully send messages to the 
user. 


However, some users might have the moved user’s old address (GroupWise user ID) in their 
Frequent Contacts Address Book. In this case, if the sender types the moved user’s name in the To 
field instead of selecting it from the Address Book, GroupWise uses the old address stored in the 


Frequent Contacts Address Book instead of the new address in the GroupWise Address Book. This 


results in the message being undeliverable. The POA automatically resolves this issue when it 
performs its nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on 
page 523). During the nightly user upkeep process, the POA ensures that all addresses in a user’s 
Frequent Contacts Address Book are valid addresses in the GroupWise Address Book. 


If you want to ensure that messages sent to the user’s old address are delivered even before the POA 
cleans up the Frequent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 


User,” on page 252. To have a nickname created automatically when the user is moved, see 
Section 4.2, “System Preferences,” on page 72. 
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14.4.5 Monitoring User Move Status 


The User Move Status utility helps you track progress as you move users and resources from one post 
office to another. It displays the user moves associated with the object you selected before displaying 
the User Move Status dialog box. For example, if you selected a Domain object, all user moves for the 
selected domain are displayed, but not user moves for other domains. 


While a GroupWise user account is being moved, the POA inthe source post office and the POA in 
the destination post office communicate back and forth. You can track the move process progresses 
through various steps and statuses: 
1 In ConsoleOne, select a Post Office or Domain object. 
All moves occurring within the selected location will be listed. 
2 Click Tools > GroupWise Utilities > User Move Status. 


KS User Move Status 


TAA | | | ——— 
Domain Post Office Object ID Last Move Status Error am 


Provoi Development cbolton Move request sent 


Refresh 


Cancel 


Help 


At the beginning of the move process, most buttons are dim, because it would not be safe for you 
to perform those actions at that point in the move process. When those actions are safe, the 
buttons become active. 


User Move Status 


Last Move Status 
Completed retrieving items Retry Restart... 


Force Complete... 


Clear Status 


Refresh 


Cancel 


Help 


3 To restrict the number of users and resources in the list, type distinguishing information in any 
of the Filter fields, then press Enter to filter the list. 


4 During the move, click Refresh to update the status information. 


IMPORTANT: The list does not refresh automatically. 
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During the move, you might observe some of the following statuses: 


+ 


Use 


Fitter: 


Destination post office updated: The destination POA has updated the destination post 
office database with the user's account information. At this point, the user account exists in 
the new location and appears in the Address Book with the new location information. 


Source post office updated: The source POA has updated the user in the source post office 
database to show the new destination post office. At this point, the user can no longer 
access the mailbox at the old location. 


Moving mailbox information: The POAs have finished exchanging administrative 
information and are ready to move items from the old mailbox to the new mailbox. 


Sending mailbox inventory list: The source POA sends the destination POA a list of all the 
mailbox items that it should expect to receive. 


Send item request: The destination POA starts requesting items from the source POA and 
the source POA responds to the requests 


Retry mailbox item retrieval: The destination POA was unable to retrieve an item and is 
retrying. The POA continues to retry every 12 hours for 7 days, then considers the move 
complete. To complete the move without waiting, click Force Complete. Typically, items that 
cannot be moved were not accessible to the user in the first place, so nothing is missed in 
the destination mailbox. 


Completed retrieving items: The destination POA has received all of the items on its 
mailbox inventory list. 


Move completed: After all of the user’s mailbox items have arrived in the destination post 
office, the user’s original account in the source post office is deleted and the user move is 
finished. 


r Move Status 


Provot 


L | | | | a 
Domain Post Office Object ID Last Move Status Error a as 


Development chotton Move completed 


Clear All Complete 


Refresh 


Cancel 


Help 


The User Move Status utility cannot gather status information for destination post offices that 
are running POAs older than GroupWise 6.5. Status information for users moving to older post 
offices displays as Unavailable. 


5 If something disrupts the user move process, select the problem user or resource, then click 
Retry/Restart. 


Retry/Restart on User Move 


© Skip retry on the current mailbox item 


C Stop deferred retries 


© Restart the entire mailbox move 


Cancel Help 
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6 Selectthe option appropriate to the problem you are having, then click OK. 


Retry the Last Step of the Mailbox Move: Select this option to retry whatever step the user 
move process has stopped on. This is equivalent to performing one of the POA’s automatic 
retries manually and immediately. Ideally, the step completes successfully on the retry and 

processing continues normally. 


Skip Retry on the Current Mailbox Item: Select this option to skip a particular mailbox item 
that cannot be successfully moved. The need for this action can usually be avoided by running 
Mailbox/Library Maintenance on the mailbox before moving the user account. Ideally, the user 
move processing should continue normally after skipping the problem item. 


Stop Deferred Retries: Select this option to stop the POA from retrying to send items that have 
not been successfully received. This completes the user move process even though some 
individual items have not been moved successfully. 


Restart the Entire Mailbox Move: Select this option if something major disrupts the user move 
process and you want to start over from the beginning. Because nothing is deleted from the 
source mailbox until everything has been received in the destination mailbox, you can safely 
restart a move at any time for any reason. 


After you have moved a user in ConsoleOne, you can display detailed information about items 
belonging to that account that have not yet been moved to the destination post office, perhaps 
because problems were encountered when trying to move them. This information can help 
determine the importance of moving residual items that are still pending after all other items 
have been successfully moved. 


7 Assessthe importance of items that are still pending. 


7a Select an account for which the move has not completed, then click Pending Items. 


You can determine the record type (item, folder, Address Book contact, and so on), the item 
type (mail, appointment, task, and so on), how old the item is, the sender of the item, and 
the Subject line of the item. Not all columns in the Pending Items dialog box apply to all 
record types and item types, so some columns might be empty. 


7b Click Reguest to reguest pending items. 
Pending items are retrieved in groups of 25. 
7c Click Yes to request the first group of pending items, then click OK. 


You might need to wait for a while before the pending item lists displays because the 
reguest goes out through the destination domain to the source domain to the source post 
office, where the source POA sends the reguested information back to the destination 
domain. Do not click Reguest again before the list appears or you receive the same list twice. 


When the pending items appear, you can select an item, then click Info to display detailed 
information about the item. You can also click Refresh to reread the domain database to 
determine if additional items have been moved. 


7d If you and the user whose mailbox is being moved decide that the pending items are 
expendable, click Force Complete to finish the move process. 


Renaming Users and Their GroupWise Accounts 


When you rename a user, the user's GroupWise user ID (mailbox ID) changes but the user remains in 
the same post office. All of the user's associations remain unchanged. For example, the user retains 
ownership of any resources and documents while other users who had proxy rights to the user's 
mailbox retain proxy rights. 


1 Make sure the user has exited the GroupWise client and GroupWise Notify. 
2 Make sure the domain's MTA and post office’s POA are running. 
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14.6.1 


3 Inthe GroupWise View, right-click the User object, then click Rename to display the GroupWise 
Rename dialog box. 


GroupWise Rename sjones 


New GroupWise name: 


SMES 


Cox] Cancel Help 


4 Specify the GroupWise user ID. 


5 Click OK to rename the user. 


Resolving Addressing Issues Caused By Renaming a User 


The user's new information is immediately replicated to each post office throughout your system so 
that the GroupWise Address Book contains the user's updated address. Any user who selects the 
renamed user from the GroupWise Address Book can successfully send messages to the renamed 
USET. 


However, some users might have the user's old address (GroupWise user ID) in their Frequent 
Contacts Address Books. In this case, if the sender types the renamed user's name in the To field 
instead of selecting it from the Address Book, GroupWise uses the old address stored in the Freguent 
Contacts Address Book instead of the new address in the GroupWise Address Book. This results in 
the message being undeliverable. The POA automatically resolves this issue when it performs its 
nightly user upkeep (see Section 36.4.3, “Performing Nightly User Upkeep,” on page 523). During the 
nightly user upkeep process, the POA ensures that all addresses in a user's Freguent Contacts 
Address Book are valid addresses in the GroupWise Address Book. 


If you want to ensure that messages sent to the user's old address are delivered even before the POA 
cleans up the Freguent Contacts Address Book, you can create a nickname using the old GroupWise 
user ID. For information about creating a nickname, see Section 14.7.4, “Creating a Nickname for a 
User,” on page 252. 


Managing Mailbox Passwords 


The following sections provide information to help you manage GroupWise mailbox passwords: 


+ Section 14.6.1, “Creating or Changing a Mailbox Password,” on page 243 
+ Section 14.6.2, “Removing a Mailbox Password,” on page 245 
+ Section 14.6.3, “Bypassing the GroupWise Password,” on page 246 


For background information about Group Wise passwords, see Chapter 82, “Group Wise Passwords,” 
on page 1099. 


Creating or Changing a Mailbox Password 


As administrator, you can use ConsoleOne to create a user's mailbox password or change a user's 
existing password. If a user can log in to GroupWise, he or she can also change the mailbox password 
through the Security Options dialog box (GroupWise Windows client > Tools > Options > Security) or 
on the Passwords page (GroupWise WebAccess > Options > Password. 
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To create or change a user's mailbox password: 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 
Restrictions + | Memberships + | Security Equal To Me | Login Script | NDS Rights + |/ 


Post Office: [Provot Development = 
Mailbox ID: hsmin 
Visibility: [System | 
External Sync Override: [Synchronize according to visibiiy >| 
Account ID: E=>=-coo 


File ID: mah 


Expiration Date: I Enable [ LJ 


Gateway Access: 
I Disable Logins 
LDAP Authentication: 


Restore Area: 


Change GroupWise Password Delete GroupWise Account 


Page Options... 


3 Click Change GroupWise Password to display the Security Options dialog box. 


{ Security Options 


Enter new password: 


—  — 


Retype password: 


GE ——— 


I Clear user's password 


4 Enter and reenter a new password. 


5 Click OK. 
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14.6.2 Removing a Mailbox Password 


If you want to remove a user’s mailbox password but not assign a new password, you can clear the 
password. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 


Post Office: [Provot Development 09090000 
Mailbox ID: J 
Visibilty: [System zj 
External Sync Override: [Synchronize according to visibility Kai 


Account ID: 


File ID: mah 


Expiration Date: T Enable LJ 


Gateway Access: 
I Disable Logins 
LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password | Delete GroupWise Account | 


Page Options... 


3 Click Change GroupWise Password to display the Security Options dialog box. 


KE security Options 


Enter new password: 


Retype password: 


| Clear user's password 


4 Select the Clear User’s Password option. 
5 Click OK. 


NOTE: A mailbox with no password cannot be accessed using GroupWise WebAccess. 
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Bypassing the GroupWise Password 


By default, if a user must enter a password when logging in to Group Wise, he or she is prompted for 


the password. 


The GroupWise client includes several options that users can choose from to enable them to log in 
without providing a password. These options, located on the Security Options dialog box 
(GroupWise client > Tools > Options > Security), are described in the following table: 


GroupWise Client Option 


No Password Reguired with eDirectory 


Use Single Sign-On 


Use Collaboration Single Sign-On 
(CASA) 


Description 


This option is available only when logged in to Novell eDirectory. 


When GroupWise starts, it automatically logs in to the GroupWise 
account associated with the user who is logged in to eDirectory at the 
workstation. No GroupWise password is reguired. 


This option is available only when using Novell Single Sign-on 2.0 and 
SecureLogin 3.0 and later products. 


When GroupWise starts, it uses the GroupWise password stored by 
Novell Single Sign-on or SecureLogin. 


This option is available only when using Novell Common 
Authentication Services Adapter (CASA) 1.0 and later. 


When GroupWise starts, it uses the GroupWise password stored by 
Novell CASA. 


As shown in the table, these options appear only if certain conditions are met, such as the user having 
Novell Single Sign-on or SecureLogin installed. If you don’t want the option to be available to users 
even if the condition is met, you can disable the option. Doing so removes it from the GroupWise 


client’s Password dialog box. 


To disable one or more of the password options: 


1 In ConsoleOne, click a Domain object if you want to disable password options for all users in the 


domain. 


or 


Click a Post Office object if you want to disable password options for all users in the post office. 


or 


Click a User object or GroupWise External Entity object if you want to disable password options 


for the individual user. 


2 With the appropriate GroupWise object selected, click Tools > GroupWise Utilities > Client Options 
to display the GroupWise Client Options dialog box. 


GroupWise Client Options xj 


$ % Q 


Environment Send Documents 
Security Calendar 


Close | Help 
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3 Click Security to display the Security Options dialog box. 


8 


Security Options: Management 


am 
{Password || Macros | Notify 


Allow password caching 


Use eDirectory authentication instead of password 


Enable single sign-on 


[_] Use Collaboration Single Sign-on (CASA) 
Restore Default Settings 


On the Password tab, select Allow Password Caching if you want Windows 95/98 users to be able to 
use the GroupWise client’s Remember My Password option. 


NOTE: This option applies only to older GroupWise clients running on older Windows 
versions, such as Windows 2000 and earlier, which are not supported for the GroupWise 2012 
Windows client. 


Select Allow eDirectory Authentication Instead of Password if you want eDirectory users to be able 
to use the GroupWise client’s No Password Required with eDirectory option. 


This option is available only if eDirectory authentication is enabled for the post office, as 
described in Section 11.2.11, “Selecting a Post Office Security Level,” on page 180. 


Deselect Allow Novell Single Sign-on if you don’t want Single Sign-on or SecureLogin users to be 
able to use the GroupWise client’s Use Novell Single Sign-on option. 


Select Use Collaboration Single Sign-On (CASA) if you want users of Novell collaboration products 
(GroupWise, Messenger, iFolder, and iPrint) to be able to use the same password for all 
collaboration products. 


Click OK to save your changes. 


For more information about addressing formats, see Chapter 52, “Configuring Internet Addressing,” 
on page 743. 


Managing User Email Addresses 


To ensure that user addresses meet your needs, GroupWise enables you to determine the format and 
visibility of addresses, as well as create additional names for users. The following sections provide 
details: 


+ Section 14.7.1, “Ensuring Unique Email Addresses,” on page 248 


+ Section 14.7.2, “Changing a User's Internet Addressing Settings,” on page 249 


+ Section 14.7.3, “Changing a User's Visibility in the Address Book,” on page 251 


+ Section 14.7.4, “Creating a Nickname for a User,” on page 252 
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Starting with GroupWise 7, you can use the same email ID for more than one user in your GroupWise 
system, if each user is in a different Internet domain. Rather than requiring that each email ID be 
unique in your GroupWise system, each combination of email ID and Internet domain must be 
unique. This provides more flexibility for handling the situation where two people have the same 
name. 


When adding or changing users’ email addresses you can check to make sure that the email address 
you want to use for a particular user is not already in use. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Email Address Lookup to display the Email 
Address Lookup dialog box. 


Email Address Lookup 


Enter an email address to look up and press search. 


Email Address: |] 


Domain Name Post Office Name Object ID Object Type 


2 Inthe Email Address field, specify the email address. You can specify the user ID only (for 
example, jsmith) or the entire address (for example, jsmith@novell.com). 


3 Click Search. 
All objects whose email address match the one you specified are displayed. 


4 If desired, select an object, then click Info to see details about the object. 
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Changing a User’s Internet Addressing Settings 


By default, a user inherits his or her Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from the user’s post office, domain, or 
GroupWise system. For more information, see Chapter 52, “Configuring Internet Addressing,” on 
page 743. 


If necessary, you can override these settings for individual users. 
1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 
2 Click GroupWise > Internet Addressing to display the Internet Addressing page. 
Properties of gsmith 
Security MI Login Methods + | General v “| Restrictions ~ | Memberships + | Security Equal TC 


Override | Preferred Address format: 


Oo 


Preferred EMail ID: = 
@internet domain name 
Defined at: Provol 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
For incoming mail, recipients are known exclusively by this Internet domain name 


View EMail Addresses 


3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the user’s address is 


displayed in the GroupWise Address Book and in sent messages. 


Preferred E-Mail ID: At the user and resource level, the preferred address format can be 
completely overridden by explicitly defining the user portion of the address format 


(user@Internet domain name). The user portion must include only RFC-compliant characters. The 


following characters are valid: 


Numbers 0-9 
Uppercase letters A-Z 
Lowercase letters a-z 
Plus sign + 

Hyphen - 

Underscore _ 

Tilde ~ 


The user portion must be unique within its Internet domain. This means that a user can be used 


multiple times in your GroupWise system, if it is used only once in each Internet domain. 


If you have two users with the same name in the same Internet domain, you can further modify 


the user portion. For example, if you have selected First Name.Last Name@Internet domain name 


as 


your system's preferred address format and you have two John Petersons in the same Internet 
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domain, you would have two users with the same address (John.Peterson@novell.com). You 
could use this field to differentiate them by including their middle initials in their addresses 
(John.S.Peterson@novell.com and John.A.Peterson@novell.com). 


Allowed Address Formats: The allowed address formats determine which address formats can 
be used to send messages to the user. For example, using John Peterson as the user, Research as 
the post office, and novell.com as the Internet domain, if you select all five formats, John 
Peterson would receive messages sent using any of the following addresses: 


jpeterson.research@novell.com 
jpeterson@novell.com 
john.peterson@novell.com 
peterson.john@novell.com 
jpeterson@novell.com 


Internet Domain Name: The Internet domain name, along with the preferred address format, is 
used when constructing the email address that is displayed in the GroupWise Address Book and 
in the To field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > Internet 
Addressing). For more information, see Section 52, “Configuring Internet Addressing,” on 

page 743. 


If you override the Internet domain name, the For Incoming Mail, Recipients are Known Exclusively 
by This Internet Domain Name option becomes available. Enable this option if you only want the 
user to be able to receive messages addressed with this Internet domain name. If you don't 
enable this option, the user receives messages addressed using any of the Internet domain 
names assigned to your GroupWise system. 


View E-Mail Addresses: Click View E-Mail Addresses to display a list of the various email 
address formats that can successfully deliver email to this user, including any nicknames or 
gateway aliases that have been defined for this user. For more information, see: 


+ Section 52.1.4, “Preferred Address Format,” on page 744 and Section 52.1.5, “Allowed 
Address Formats,” on page 747 


+ Section 14.7.4, “Creating a Nickname for a User,” on page 252 


+ Section 52.3, “Transitioning from SMTP Gateway Aliases to Internet Addressing,” on 
page 754 


4 Click OK to save your changes. 
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14.7.3 Changing a User's Visibility in the Address Book 


A user's visibility level determines the extent to which the user's address is visible throughout your 
GroupWise system. You can make the user visible in the Address Book throughout your entire 
GroupWise system, you can limit visibility to the user's domain or post office only, or you can make it 
so that no users can see the user in the Address Book. 


Making a user visible in the Address Book simply makes it easier to address items to the user. 
Regardless of a user's visibility, other users can send items to the user if they know the user's 
GroupWise user ID. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties 


Post Office: Provo1 Development 


Mailbox ID: 


Visibility: System 


External Sync Override: Synchronize according to visibility 


Account ID: 


File ID: mah 


Expiration Date: T Enable 


Gateway Access: 


I Disable Logins 


LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 


Page Options... | Cancel | 


3 Inthe Visibility field, select the desired visibility level. 


System (Default): All users in your GroupWise system can see the user's information in the 
Address Book. 


Domain: Only users in the same domain as the user can see the user's information in the 
Address Book. 


Post Office: Only users in the same post office as the user can see the user's information in the 
Address Book. 


None: No users can see the user's information in the Address Book. Users need to know the 
user's GroupWise user ID to send items to him or her. 


4 Click OK to save your changes. 
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Creating a Nickname for a User 


Each user has a Group Wise address consisting of the user ID, post office, and domain 

(user. ID.post office.domain). You can create one or more nicknames for a user to give the user an 
additional GroupWise address. Each part of the GroupWise address (user. ID, post. office, and domain) 
can be different from the user's actual address. Adjustments to the user's GroupWise address are also 
applied to the user's Internet email address (user IDõinternet domain). 


Nicknames are useful in the following situations: 


+ You rename a user, as described in Section 14.5, “Renaming Users and Their GroupWise 


Accounts,” on page 242. You can create a nickname that retains the old user ID, so that messages 
with the old user ID in the email address are routed to the new email address. 


You move a user, as described in Section 14.4, “Moving GroupWise Accounts,” on page 234. You 
can create a nickname that retains the old post office location. As messages to the moved user 
arrive in your GroupWise system, the email address is routed to the new post office location. 
You can configure ConsoleOne to automatically create nicknames when you move users, as 
described in Section 4.2.4, “Nickname Settings,” on page 75. 


You need to restrict a user’s visibility in the GroupWise Address Book, as described in 

Section 6.2, “Controlling Object Visibility,” on page 110, and at the same time, you need to make 
the user visible in one or more specific Address Books outside of the restricted visibility. You can 
create a nickname that provides the specific visibility that is ruled out by the required restriction. 


In ConsoleOne, you can list all the nicknames in your GroupWise system in the GroupWise View. In 
the GroupWise client, you can display nicknames in the GroupWise Address Book if you enable Filter 
for Contacts. When addressing a message, users need to know a nickname in order to use it. 


To create a nickname for a user: 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object, then click 


Properties. 


2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of gsmith 
General estrictions y | Memberships + | Security Equal To Me | Login Script | NDS Rights + |/ 


Object ID Domain Post Office 


Page Options... 
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3 Click Add to display the Create Nickname dialog box. 


Create Nickname 


Creating nickname for gsmith Users Docdev.Novell 


Domain.PO: 


Object ID: 


Visibility: 


Given Name: 


Last Name: 


Expiration Date: I Enable 


Cancel | Help | 


4 Fillin the following fields: 


Domain.PO: Select the post office that you want to own the nickname. This can be any post 
office in your GroupWise system; it does not need to be the user's post office. 


Object ID: Specify the name to use as the user. ID portion of the nickname. The nickname must 
be unigue. 


Visibility: Select the Address Book visibility for the nickname. This determines where the 

nickname is available (system, domain, or post office). However, nicknames are not displayed in 
the Address Book unless you filter for them. In order to address a message to a nickname, a user 
must specify the nickname address, and the nickname must be available in the user's post office. 


External Sync Override: This option applies only if your GroupWise system links to and 
synchronizes with an external GroupWise system, as described in “Connecting to Other 
GroupWise Systems” in the GroupWise 2012 Multi-System Administration Guide. 


+ Synchronize According to Visibility: The nickname is synchronized to external 
GroupWise systems only if Address Book visibility is set to System. 


+ Synchronize Regardless of Visibility: The nickname is synchronized to external 
GroupWise systems regardless of Address Book visibility. 


+ Don't Synchronize Regardless of Visibility The nickname is never synchronized to 
external systems. 


Given Name: Specify the user's first name. 
Last Name: Specify the user's last name. 


Expiration Date: If you want the nickname to be removed by the Expire Records feature after a 
certain date, as described in Section 14.11.3, “Managing Expired or Expiring GroupWise 
Accounts,” on page 258, select Enable, then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the User object or GroupWise External Entity object. 


Checking GroupWise Account Usage 


You can identify GroupWise accounts that have been inactive for a specified period of time. See 
Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on page 207. 


You can measure message traffic from individual GroupWise mailboxes. See Section 71.3.5, “User 
Traffic Report,” on page 986. 
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You can disable a GroupWise account so that the user cannot access his or her mailbox until you 
enable the account again. This might be necessary when a user leaves the company and no longer 
needs access to the mailbox. 


1 In ConsoleOne, right-click the User object (or GroupWise External Entity object), then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Post Office: Provoi Development 


Mailbox ID: 


Visibility: System 


External Sync Override: Synchronize according to visibility 


Account ID: 


File ID: mah 


Expiration Date: T Enable 


Gateway Access: 


I Disable Logins 


LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password Delete GroupWise Account | 


Page Options... Cancel | 


3 Select Disable Logins, then click OK. 


4 (Conditional) If the user is logged in to his or her Online mailbox when you disable logins, 
disconnect the user, as described in “Disconnecting a User Session from the POA” on page 551. 


5 To enable the user’s account when access is again permitted, deselect Disable Logins, then click 
OK. 


While a user’s account is disabled, other users to whom proxy rights have been granted can still 
access the mailbox. This is convenient for reviewing the contents of the mailbox of a departed 
employee and pulling out those messages that are of use to the incoming employee. 


14.10 Unlocking GroupWise Accounts 


A GroupWise user’s account is automatically disabled (locked) if you have enabled intruder 
detection, as described in Section 36.3.5, “Enabling Intruder Detection,” on page 516, and if the user 
exceeds the number of unsuccessful login attempts that you have allowed. When a user is locked out, 
access is automatically granted again after the incorrect login reset time interval has passed. If a user 
needs quicker access, you can unlock the GroupWise account in ConsoleOne or in the POA Web 
console. 
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In ConsoleOne: 


1 Right-click the User object (or Group Wise External Entity object), then click Properties. 
2 Click GroupWise > Account to display the Account page. 
3 Deselect Disable Logins, then click OK. 


In the POA Web console: 


1 Click Status. 

2 Inthe Statistics section, click Intruder Detection. 
3 Click the user ID of the locked out user. 

4 Select Reset Lockout, then click Submit. 


As soon as the POA receives the changed setting, the user can again log in. 


Removing GroupWise Accounts 


You can remove a user’s GroupWise account by deleting or expiring it. Deleting an account removes 
the entire account (address, mailbox, items, and so on) from the GroupWise system. Expiring an 
account deactivates the account so that it cannot be accessed, but does not remove it from the system. 
The following sections provide information to help you delete or expire GroupWise accounts 


+ Section 14.11.1, “Deleting a GroupWise Account,” on page 255 
¢ Section 14.11.2, “Expiring a GroupWise Account,” on page 257 
+ Section 14.11.3, “Managing Expired or Expiring GroupWise Accounts,” on page 258 
If you delete a GroupWise account by accident, or need to retrieve a deleted account for some other 


reason, see Section 32.6, “Recovering Deleted GroupWise Accounts,” on page 438. For additional 
user repair options, see Section 5.15, “GW / eDirectory Association,” on page 99. 


NOTE: When you remove a GroupWise account, any personal databases, such as an archive, a 
Caching mailbox, or a Remote mailbox, that are associated with the account are unaffected by the 
account deletion. Such databases are not located where ConsoleOne could delete them, so they must 
be deleted manually. 


Deleting a GroupWise Account 


When you delete a user’s GroupWise account, the user’s mailbox is deleted and the user is removed 
from the GroupWise system. If the user owns library documents, see “Ensuring that a User’s Library 
Documents Remain Accessible” on page 257 before deleting the user. Otherwise, refer to one of the 
following sections: 

¢ “Deleting an eDirectory User’s GroupWise Account” on page 255 


+ “Deleting a Non-eDirectory User’s GroupWise Account” on page 256 


Deleting an eDirectory User’s GroupWise Account 


1 Make sure the user has exited the GroupWise client and GroupWise Notify. 
2 Make sure the POA for the user’s post office is running. 


If the POA is not running, the user mailbox is not deleted until the next time the POA runs. 
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In ConsoleOne, right-click the User object, then click Delete. 

Or 

Select multiple User objects, right-click the selected object, then click Delete. 
Click Yes to display the Delete Options dialog box. 


Delete Options 


jpangilinan.Users.Docdev.Novell has GroupWise 
and eDirectory accounts. Please indicate your 
delete preferences below: 


GroupWise Account 
M] Delete 
O Expire 


eDirectory Account 


M Delete 


5 Inthe GroupWise Account box, select Delete. 
6 Inthe eDirectory Account box, deselect Delete. 


7 Click OK to delete the eDirectory user's GroupWise account. 


Or 


If you selected multiple User objects, click OK to All to apply the same deletion options to all 
accounts. If you click OK rather than OK to All, you can select deletion options for each account 
individually as it is deleted. 


If a user was a resource owner, the following dialog box appears. Select a new user to be the 
resource’s owner, then click OK. 


Choose New Owner 


Provol Development jpangilinan. The user owns resources. 
Please choose another user to be the owner for these resources. 


Owner: [ 8) 


| Cancel | Help | 


Deleting a Non-eDirectory User's GroupWise Account 


Non-eDirectory users are given GroupWise accounts by adding the users to eDirectory as 
GroupWise external entities (see Section 13.3, “Creating GroupWise Accounts for Non-eDirectory 
Users,” on page 224). You remove a non-eDirectory user's GroupWise account by deleting the user's 
GroupWise External Entity object from eDirectory. 


NOTE: Remember that external entities do have eDirectory objects, but they are not considered 
eDirectory users for licensing purposes. 


As with eDirectory users, when you remove a non-eDirectory user's GroupWise account, the user's 
mailbox is deleted and the user is removed from the GroupWise system. 


To delete a non-eDirectory user's GroupWise account: 


1 Make sure the user has exited the GroupWise client and GroupWise Notify. 


2 Make sure the POA for the user's post office is running. 


If the POA is not running, the user's mailbox will not be deleted until the next time the POA 
TUNS. 
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3 In ConsoleOne, right-click the user's GroupWise External Entity object, then click Delete. 
4 Click Yes to confirm the deletion. 


Ensuring that a User's Library Documents Remain Accessible 


When you delete a user's GroupWise account, GroupWise does not delete any library documents to 
which the user has Author or Creator status. These documents remain in the library as “orphaned” 
documents, meaning that no one can access the documents. 


If you or other users need access to the documents, you have the following choices: 


+ Rather than deleting the user, change the user's GroupWise mailbox password so that he or she 
can't log in. Other users can continue accessing the documents, and you can log in as the user to 
manage the documents. For information about changing a user's password, see Section 14.6.1, 
“Creating or Changing a Mailbox Password,” on page 243. 


+ Rather than deleting the user or changing the user's password, disable the user's ability to log in. 
This is done on the user’s GroupWise Account page (User object > GroupWise > Accounts > 
Disable Logins). 


+ Delete the user, then reassign the orphaned documents to another user. For information, see 
Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 416. 


Expiring a GroupWise Account 


Rather than delete a user’s GroupWise account, you can expire the account. The account, including 
the user’s mailbox and all items, remains in GroupWise but cannot be accessed by the user. If 
necessary, the user’s account can be reactivated at a later date, as described in Section 14.11.3, 
“Managing Expired or Expiring GroupWise Accounts,” on page 258. This option is useful for 
providing GroupWise accounts to temporary or contract employees who come and go. 


You can set a user’s GroupWise account to expire immediately or at a future date and time. 


1 Make sure the user has exited the GroupWise client and GroupWise Notify. 


2 In ConsoleOne, right-click the User object or GroupWise External Entity object with the account 
you want to expire, then click Properties. 
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3 Click GroupWise > Account to display the Account page. 


Properties of gsmith 


General GroupWise v | Restrictions | Memberships + | Security Equal To Me | Login Script | NDS Rights + |! 
[Account | 


Post Office: Provo Development 


Mailbox ID: 


Visibility: System 


External Sync Override: Synchronize according to visibility 


Account ID: 


File ID: mah 


Expiration Date: T Enable 
Gateway Access: 


I Disable Logins 


LDAP Authentication: 


Restore Area: (Not Set) 


Change GroupWise Password | Delete GroupWise Account | 


Page Options... 


4 Inthe Expiration Date field, select the Enable check box to turn on the option. 


5 If you want the account to expire immediately, leave the date and time set to the current date and 
time. 


Or 
If you want the account to expire at a later date, select the desired date and time. 
6 Click OK. 


NOTE: To immediately expire an account assigned to an eDirectory user, you can also right-click the 
User object, click Delete, select the Expire GroupWise Account option, then click OK. This method is 
not available for non-eDirectory (GroupWise External Entity object) users. 
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Expired GroupWise accounts remain expired until you reactivate them or delete them. Refer to the 
following sections for information to help you manage expired accounts: 


+ “Identifying Expired or Expiring Accounts” on page 259 
+ “Changing an Account’s Expiration Date” on page 260 


+ “Reactivating an Expired Account” on page 260 
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Identifying Expired or Expiring Accounts 


Rather than search through all your User or GroupWise External Entity objects in eDirectory to 
identify which ones have expired or expiring accounts, you can use the Expired Records option to 
guickly list expired accounts for your entire system, a single domain, or a single post office. 
Depending on the date you choose, you can see expired accounts only or both expired and expiring 
accounts. 


1 Inthe GroupWise View, select the post office, domain, or GroupWise system that contains the 
accounts you want to view. 


2 Click Tools > GroupWise Utilities > Expired Records to display the Expired Records dialog box. 


Expired Records 


Expired records in:  Provol 
Expired as of: 10/27/2010 


Expired Users: 


Last Name First Name Object ID Expiration Date Object Type Post Office Domain 
Dominguez *ander xdominguez 10/27/2010 User Development  Provol 


Select All 


The Expired As Of field defaults to the current date. Only accounts that have expired as of this 
date are displayed in the list. To see accounts that will expire in the future, you need to change 
the date in the Expired As Of field. 


3 To change the date in the Expired As Of field, click View Date. 
4 Click the calendar icon, select the desired date and time, then click OK. 


For example, in the dialog box shown above, the current date is 1/18/2012 (January 1, 2012). To 
see what accounts will expire by June 30, 2012, you would change the Expired As Of date to 6/30/ 
2012. 


5 Click OK to return to the Expired Records page. 


6 When you are finished viewing expired or expiring accounts, click OK to close the Expired 
Accounts dialog box. 
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Changing an Account's Expiration Date 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object, then click 
Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 
General ~ | E 
|i 
Post Office: [Provot Development 
Mailbox ID: Essai 
Visibility: [System zi 
External Sync Override: [Synchronize according to visiity >| 
Account ID: M 


File ID: mah 


Expiration Date: IT Enable [ LJ 


Gateway Access: 
I Disable Logins 
LDAP Authentication: 


Restore Area: 


Change GroupWise Password Delete GroupWise Account 


Page Options... 


3 Inthe Expiration Date field, change the time and date. 
4 Click OK. 


Reactivating an Expired Account 


1 In ConsoleOne, right-click the User object or GroupWise External Entity object with the expired 
GroupWise account, then click Properties. 


2 Click GroupWise > Account to display the Account page. 


Properties of gsmith 


[Provot Development = 
Mailbox ID: Jomth 
visibility: [System zi 
External Sync Override: [Synchronize accordingto visty >| 
Account ID: ELLE 
File ID: mah 


Expiration Date: I Enable Bl 


Gateway Access: 


I Disable Logins 
LDAP Authentication: 


Restore Area: 


Change GroupWise Password Delete GroupWise Account 


Page Options... 
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3 Inthe Expiration Date field, deselect the Enable check box to turn off the option. 
4 Click OK. 
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V Resources 


+ Chapter 15, “Creating Resources,” on page 265 
+ Chapter 16, “Managing Resources,” on page 269 
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15.1 


15.1.1 


15.1.2 


Creating Resources 


A resource is an item or place, such as a computer, company vehicle, or conference room, that users 
can schedule or check out. 


+ Section 15.1, “Understanding Resources,” on page 265 
+ Section 15.2, “Planning Resources,” on page 266 


+ Section 15.3, “Creating a New Resource,” on page 267 


Understanding Resources 


The following sections provide information to help you learn about GroupWise resources: 
+ Section 15.1.1, “Resource Objects,” on page 265 
+ Section 15.1.2, "Resource Types,” on page 265 
+ Section 15.1.3, “Resource Mailboxes,” on page 266 


+ Section 15.1.4, “Resource Owners,” on page 266 


Resource Objects 


Each resource you want to make available must be added as a Resource object in Novell eDirectory. 
The name that you give the Resource object becomes the name by which the resource is displayed in 
the GroupWise Address Book. 


Resource objects ( 3) can be located in any eDirectory container that is in the same tree as the 
resource's domain. 


Resource Types 


You can identify the resource as a general resource, as a place, or as a role. 


When a user schedules a resource that is defined as a place, the resource name is automatically added 
to the Place field in the appointment. 


Starting in GroupWise 2012 SP2, a role resource represents a position in an organization that can be 
reassigned from one owner to the next. As owners change, the role resource mailbox retains all 
information associated with the role. Unlike general resources and place resources, role resources are 
included in a Reply to All. 
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15.1.3 


15.1.4 


15.2 


Resource Mailboxes 


Like a user, a resource must be assigned to a post office so that it can be given an account (address, 
mailbox, and so on). You assign the resource to a post office when you create the Resource object. 


A resource's account enables it to receive scheduling reguests (sent as appointments). The owner 
assigned to the resource can access the resource’s mailbox to accept or decline the requests. For 
example, you might want to have all your conference rooms defined as place resources. When 
sending a meeting appointment, users can schedule the conference room as well as the meeting 
attendees. The place resource, just like the other users scheduled for the meeting, receives an 
appointment in its mailbox which can be accepted or declined by the owner. 


When scheduling a resource, users can perform a busy search to see when the resource is available. 


Even though a resource is assigned to a single post office, all users in your GroupWise system can 
schedule the resource. 


Resources can receive all item types (mail messages, phone messages, appointments, tasks, and 
notes). Generally, if your purpose in defining resources is to allow them to be scheduled through 
GroupWise, they only receive appointments. 


Resources can also send items. If a resource sends an item to an Internet user, both the To field and the 
From field are populated with the resource name when the Internet user receives the message. 


Resource Owners 


When you create a resource, you assign an owner to it. The owner must belong to the same post office 
as the resource and is responsible for accepting or declining reguests to schedule the resource. The 
owner can do this by proxying to the resource's mailbox and opening the scheduling reguests, or by 
setting up rules to manage the resource automatically. For more information, see Section 16.1, 
“Creating Rules for a Resource,” on page 269. 


The owner automatically receives proxy rights to the resource's mailbox. The owner can also grant 
proxy rights to another user to manage the resources. 


The owner cannot log in directly to the resource mailbox. However, the owner can set a password on 
the resource mailbox to facilitate secure access by an IMAP client. After proxying in to the resource 
mailbox, click Tools > Options > Security > Password to set a password on the resource mailbox. 


For more information about how owners can manage resources, see “Managing Resources” in 
“Contacts and Address Books” in the GroupWise 2012 Windows Client User Guide. 


Planning Resources 


Before creating a new resource, make sure that the user who will own the resource has been created 
and belongs to the same post office where you are planning to create the resource. 
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15.3 Creating a New Resource 


1 InConsoleOne, right-click the container where you want to create the Resource object, then click 
New > Resource to display the Create GroupWise Resource dialog box. 


Create GroupWise Resource 


Resource Name: 


GroupWise Post Office: 


Owner 


T Define additional properties 


T Create another resource 


2 Fillinthe following fields: 


Resource Name: Specify a descriptive name. Because the name is used as part of the resource's 
GroupWise email address, do not use any of the following invalid characters in the resource 
name: 


ASCII characters 0-31 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses () 

Braces { } Period . 

Colon : Slash / 


IMPORTANT: Characters that are valid and even desirable in a resource name, such as accented 
characters, might not be valid in an email address. For some resources, you might need to set up 
a preferred email ID in order to ensure that they have a valid email address. For instructions, see 
Section 16.7.1, “Changing a Resource’s Internet Addressing Settings,” on page 274. 


GroupWise Post Office: Select the post office where the resource will be located. 


Owner: Select the user who will be responsible for accepting or declining requests to use the 
resource. The owner must have a GroupWise account on the same post office as the resource. 
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3 Select Define Additional Properties, then click OK. 


Properties of Conference Room 2021 


General | NDS Rights + | Other | Rights to Files and Folders 


Distinguished Name: Conference Room 2021.GroupWise 


Post Office: Provol Development 


Owner: gsmith 


File ID: biv 


Description: 


Visibility: System 


Resource Type: Resource 


Phone: 


E-Mail Address: Conference Room 2021@Corporate.net 


View Client Options 


4 On the Identification page, fill in the following fields: 


Description: Specify a description to help users identify the use of the resource. The description 
is displayed if the user chooses to view information about the resource in the Address Book. 


If you define the resource type as a place, the description is automatically added to the Place field 
in the appointment. A good description can help users locate the place more easily. 


Visibility: Select the level at which the resource will be visible in the Address Book. System 
causes the resource to be visible to all users in your GroupWise system. Domain causes the 
resource to be visible to all users in the same domain as the resource. Post Office causes the 
resource to be visible to all users on the same post office as the resource. None causes the 
resource to not be visible at any level. However, even if the resource is not displayed in a user’s 
Address Book, he or she can schedule the resource by typing the resource name in an 
appointment's To field. 


Resource Type: You can identify the resource as a general resource, as a place, or as a role. When 
a user schedules a place resource, the resource description is automatically added to the Place 
field in the appointment. A role resource is treated more like a user than a general resource or a 
place resource, and can be included in a Reply to All. 


Phone: If the resource has a telephone number associated with it, such as a conference room 
with a telephone number, specify the phone number. 


E-Mail Address: Displays the default email address for the resource. Click the drop-down list to 
specify a custom email address. For example, if you created a resource with spaces in its name, 
you need to remove the spaces to create a valid email address. 


View Client Options: Click View Client Options as a convenient shortcut for Tools > GroupWise 
Utilities > Client Options in order to modify client options for the currently selected resource. For 
more information, see Chapter 76, “Setting Defaults for the GroupWise Client Options,” on 
page 1025. 


5 Click OK to save the resource information. 


6 Skip to Section 16.1, “Creating Rules for a Resource,” on page 269. 
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16.1 


16.1.1 


Managing Resources 


The following sections provide information to help you manage the resources in your GroupWise 
system: 

+ Section 16.1, “Creating Rules for a Resource,” on page 269 

+ Section 16.2, “Changing a Resource’s Owner,” on page 271 

+ Section 16.3, “Adding a Resource to a Distribution List,” on page 272 

+ Section 16.4, “Moving a Resource,” on page 273 

+ Section 16.5, “Renaming a Resource,” on page 273 

+ Section 16.6, “Deleting a Resource,” on page 274 

+ Section 16.7, “Managing Resource Email Addresses,” on page 274 
A resource's mailbox, just like a user's mailbox, is a combination of the information stored in its user 
database and the message databases located at its post office. Occasionally, you might want to 
perform maintenance tasks on the resource's mailbox to ensure the integrity of the databases. For 


details about performing maintenance on a resource’s mailbox, see Chapter 27, “Maintaining User/ 
Resource and Message Databases,” on page 409. 


Creating Rules for a Resource 


Schedulable resources such as conference rooms need effective auto-accept/decline rules to help 
compensate for times when appointment schedulers fail to use Busy Search. 


If you are the resource owner, you can proxy to the resource mailbox in order to set up the rules. If 
you are not the resource owner, be sure that the resource owner understands how to set up effective 
rules for the resource. 

+ Section 16.1.1, “Creating an Auto-Accept Rule,” on page 269 

+ Section 16.1.2, “Creating an Auto-Decline Rule,” on page 270 


Creating an Auto-Accept Rule 


Creating an auto-accept rule provides confirmation to the appointment scheduler that the resource as 
accepted the appointment. 

1 In the GroupWise Windows client, in the resource mailbox, click Tools > Rules, then click New. 

2 Type a name for the auto-accept rule. 

3 Select Received. 

4 Select Appointment. 


5 Inthe Appointment conflict exists drop-down list, select No. 


Managing Resources 269 


16.1.2 


6 Create an action to accept the appointment: 


7 


8 


9 


6a Click Add Action. 

6b Click Accept. 

6c Select a Show As setting. 

6d (Optional) Type a comment to include with the acceptance. 
Ge Click OK. 


Create an action to notify the appointment scheduler that the resource has accepted the 
appointment: 


7a Click Add Action. 

7b Click Reply. 

7c Click OK to accept the default of replying only to the appointment scheduler. 
7d Inthe Subject field, indicate that the resource has accepted the appointment. 


7e (Optional) In the Message field, provide any additional information that might be helpful to 
the appointment scheduler. 


7f Click OK. 


Test the rule by scheduling an appointment that includes the resource for a time when the 
resource is available. 


Continue with Creating an Auto-Decline Rule. 


Creating an Auto-Decline Rule 


Creating an auto-decline rule notifies the appointment scheduler that the resource is not available. By 
notifying users in addition to the appointment scheduler, the likelihood of a perceived double- 
booking of the resource is minimized. 


oa fF © N Ph 


In the GroupWise Windows client, in the resource mailbox, click Tools > Rules, then click New. 
Type a name for the auto-decline rule. 
Select Received. 
Select Appointment. 
In the Appointment conflict exists drop-down list, select Yes. 
Create an action to decline the appointment: 
6a Click Add Action. 
6b Click Delete/Decline. 
6c (Optional) Type a comment about the resource declining the appointment. 
6d Click OK. 


Create an action to notify the appointment scheduler that the resource has declined the 
appointment: 


7a Click Add Action. 

7b Click Reply. 

7c Click OK to accept the default of replying only to the appointment scheduler. 
or 


Select Reply to all (sender and recipients) to make sure that everyone involved with the 
appointment is notified that the resource has declined the appointment. 
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7d Inthe Subject field, indicate that the resource has declined the appointment. 


7e (Optional) In the Message field, provide any additional information that might be helpful to 
the appointment scheduler. 

7f (Optional) Inthe CC field or the BC field, include one or more additional users such as the 
resource owner to notify when a resource declines an appointment. 

7g Click OK. 


8 Test the rule by scheduling an appointment that includes the resource for a time when the 
resource is not available. 


16.2 Changing a Resource’s Owner 


You can change a resource’s owner whenever necessary. The owner must be a user assigned to the 
same post office as the resource. If you need to give ownership of the resource to a user on a different 
post office, you must move the resource to that post office. For details, see Section 16.4, “Moving a 
Resource,” on page 273. 


The new owner automatically receives proxy rights to the resource’s mailbox. Proxy rights are 
removed for the old owner. 


Make sure that the new resource owner understands the auto-accept/decline rules that are associated 
with the resource. 
1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 On the Identification page, browse to and select the new owner, then click OK to display the 
user’s name in the Owner field. 


Properties of Conference Room 2012 


GroupWise v | General | NDS Rights v | Other | Rights to Files and Folders: 
Identification 


Distinguished Name: Conference Room 2012.GroupWise 


Post Office: Provo1.Development 


Owner: askoczylas 


File ID: 417 


Description: 


Visibility: ‘System 
Resource Type: Resource Da 


Phone: 


Page Options... Cancel Apply | Help si 


3 Click OK to save your changes. 
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16.3 Adding a Resource to a Distribution List 


Just like users, resources can be added to distribution lists. 
1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 Click GroupWise > Distribution Lists to display the Distribution Lists page. 


Properties of Conference Room 2012 


General | NDS Rights + | Other | Rights to Files and Folders 


Membership | Participation 


Page Options... 


Properties of Conference Room 2012 


GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders | 
Distribution Lists 


Membership Participation 


Programmers@Provol Development To 


Page Options... OK | Cancel | Apply | Help | 


By default, the resource is added as a primary recipient (To recipient). 


4 If you want to change the resource’s recipient type, select the distribution list, click Participation, 
then click To, CC, or BC. 


5 Click OK to save your changes. 
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16.5 


Moving a Resource 


If necessary, you can move a resource from one post office to another. For example, you might need to 
move a resource if you are removing the resource's post office or if you need to reassign ownership of 
the resource to a user on another post office. 


The resource retains the same name in the new post office as it has in the current post office. If 
another user, resource, or distribution list assigned to the new post office has the same name, you 
must rename one of them before you move the resource. For details, see Section 16.5, “Renaming a 
Resource,” on page 273. 


When you move the resource, all items in its mailbox are moved to the new post office, which means 
that all schedules for the resource are kept intact. 


To move a resource: 


1 In ConsoleOne, right-click the Resource object in the GroupWise View, then click Move to 
display the Group Wise Move dialog box. 


IMPORTANT: You must select the Resource object in the GroupWise View. If you select the 
object in the standard ConsoleOne View, you will move the Resource object from one container 
to another, not the resource from one post office to another. 


GroupWise Move Conference Room 2012 


Move to post office: 


| Cancel | Help 


2 Selectthe post office to which you want to move the resource, then click OK to display the 
Choose New Owner dialog box. 


Choose New Owner 


Provo1.Development.Conference Room 2012. Please choose 
another user to be the owner for this resource. 


Owner: | 8) 


| Cancel | Help | 


3 Select the user who will be the resource’s owner, then click OK to move the resource. 


Renaming a Resource 


Situations might arise where you need to give a resource a new name. For example, you might need 
to move the resource to another post office that already has a user, resource, or distribution list with 
the same name. 


1 In ConsoleOne, right-click the Resource object in the GroupWise View, then click Rename to 
display the Rename dialog box 


New name: 


Conference Room 2012} 


Cancel 
I Save old name 


Help 
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16.7 


16.7.1 


2 Inthe New Name field, specify the new name for the resource. 
3 Make sure the Save Old Name box is not selected. 
Saving the old name causes duplicate resources to appear in the Address Book. 


4 Click OK to rename the resource. 


Deleting a Resource 


When you delete a resource, all information is removed for the resource, including any schedules 
that have been established for the resource. 

1 In ConsoleOne, right-click the Resource object in the GroupWise View, then click Delete. 

2 Click Yes to confirm the deletion. 


Managing Resource Email Addresses 


To ensure that resource addresses meet your needs, GroupWise enables you to determine the format 
and visibility of addresses, as well as create additional names for resources. The following sections 
provide details: 

+ Section 16.7.1, “Changing a Resource's Internet Addressing Settings,” on page 274 

+ Section 16.7.2, “Changing a Resource's Visibility in the Address Book,” on page 275 


+ Section 16.7.3, “Creating a Nickname for a Resource,” on page 276 


Changing a Resource's Internet Addressing Settings 


By default, a resource inherits its Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from its post office, domain, or GroupWise 
system. If necessary, you can override these settings. 
1 In ConsoleOne, right-click the Resource object, then click Properties. 
2 Click GroupWise, then click Internet Addressing to display the Internet Addressing page. 
Properties of Conference Room 2021 


General | NDS Rights + | Other | Rights to Files and Folders | 


Override | Preferred Address format: 


Preferred EMail ID: 
@internet domain name 
Defined at: Provol 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
For incoming mail, recipients are known exclusively by this Internet domain name 


View EMail Addresses 


274 GroupWise 2012 Administration Guide 


16.7.2 


3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the resource’s 
address are displayed in the Group Wise Address Book and in sent messages. 


At the resource level, only three preferred address formats are available. The address formats 
that include first name, last name, and first initial do not apply to resource, so they are not 
available. 


You can completely override the address format by explicitly defining the user portion of the 
address (userOlnternet domain name). The user portion can include any RFC-compliant characters 
(no spaces, commas, and so on). The resource name portion must be unigue within its Internet 
domain. This means that a resource name can be used multiple times in your GroupWise 
system, if it is used only once in each Internet domain. 


Allowed Address Formats: The allowed address formats determine which address formats can 
be used to send messages to the resource. 


Only the UserID.Post Office@Internet domain name and UserID@Internet domain name formats are 
valid for resources. The formats that include first name, last name, and first initial are not valid. 


For example, assume that you use R1 as the resource ID, Research as the post office, and 
novell.com as the Internet domain. If you select the two valid formats, the resource receives 
messages sent using either of the following addresses: 


rl.research@novell.com 
rl@novell.com 


Internet Domain Name: The Internet domain name, along with the preferred address format, is 
used when constructing the email address that is displayed in the GroupWise Address Book and 
in the To field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > Internet 
Addressing). For more information, see Section 52, “Configuring Internet Addressing,” on 

page 743. 


If you override the Internet domain name, the For Incoming Mail, Recipients are Known Exclusively 
by This Internet Domain Name option becomes available. Enable this option if you only want the 
resource to be able to receive messages addressed with this Internet domain name. If you don't 
enable this option, the resource receives messages addressed using any of the Internet domain 
names assigned to your Group Wise system. 


View E-Mail Addresses: Click View E-Mail Addresses to display a list of the various email 
address formats that can successfully deliver email to this resource, including any nicknames or 
gateway aliases that have been defined for this resource. For more information, see: 


+ Section 52.1.4, “Preferred Address Format,” on page 744 and Section 52.1.5, “Allowed 
Address Formats,” on page 747 


+ Section 14.7.4, “Creating a Nickname for a User,” on page 252 


+ Section 52.3, “Transitioning from SMTP Gateway Aliases to Internet Addressing,” on 
page 754 


4 Click OK to save your changes. 


Changing a Resource’s Visibility in the Address Book 


A resource’s visibility level determines which users see the resource in their Address Books. You can 
control the availability of a resource by displaying it in the Address Books of all users in your 
GroupWise system, in the Address Books of those users in the resource’s domain only, in the Address 
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Books of those users on the resource's post office only, orin no Address Books. Even if the resource is 
not displayed in their Address Books, users can schedule the resource if they know the resource's 
name. 


To change a resources visibility: 


1 In ConsoleOne, right-click the Resource object, then click Properties. 


f Conference Room 2021 


eneral | NDS Rights v | Other | Rights to Files and Folders 


Distinguished Name: Conference Room 2021.GroupWise 


Post Office; |Provol Development 


Owner: asmith 


File ID: Giv 


Description: 


Visibility: [ System 


Resource Type: Resource 


Phone: 


E-Mail Address; Conference Room 2021@Corporate.net 


View Client Options 


2 Inthe Visibility field, select the desired visibility level. 
System: The resource is displayed in the Address Books of all users in your GroupWise system. 
Domain: The resource is displayed in the Address Books of all users in the resource’s domain. 


Post Office: The resource is displayed in the Address Books of all users on the resource's post 
office. 


None: The resource is not displayed in any Address Books. Users need to know the resource's 
name to schedule it. 


3 Click OK to save your changes. 


16.7.3 Creating a Nickname for a Resource 


Each resource has a specific GroupWise address consisting of the resource’s name, post office, and 
domain (resource_name.post_office.domain). You can assign one or more nicknames to a resource to 
give it an additional address. Each part of the address (resource_name, post_office, and domain) can be 
different than the resource’s actual address. 


Nicknames are useful in the following situations: 


+ You rename a resource, as described in Section 16.5, “Renaming a Resource,” on page 273. You 
can create a nickname that retains the old resource name, so that messages with the old resource 
name in the email address are routed to the new email address. 
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+ You move a resource, as described in Section 16.4, “Moving a Resource,” on page 273. You can 
create a nickname that retains the old post office location. As messages to the moved resource 
arrive in your GroupWise system, the email address is routed to the new post office location. . 


+ You need to restrict a resource’s visibility in the GroupWise Address Book, as described in 
Section 6.2, “Controlling Object Visibility,” on page 110, and at the same time, you need to make 
the resource visible in one or more specific Address Books outside of the restricted visibility. You 
can create a nickname that provides the specific visibility that is ruled out by the reguired 
restriction. 


In ConsoleOne, you can list all the nicknames in your GroupWise system in the GroupWise View. In 
the GroupWise client, you can display resource nicknames in the GroupWise Address Book if you 
enable Filter for Resources. When addressing a message, users need to know a nickname in order to 
use it. 


To create a nickname for a resource: 
1 In ConsoleOne, right-click the Resource object, then click Properties. 


2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of ference Room 2012 


GroupWise + || General | NDS Rights + | Other | Rights to Files and Folders 
Nicknames. 


Object ID Domain Post Office 


Page Options... 


Create Nickname 


Creating nickname for Conference Room 2012.GroupWise 


Domain.PO: [ 


Object ID: | 


Visibility: [System 


Given Name: [ 


Last Name: 


Expiration Date: T Enable | 


Cancel Help 


4 Fill in the following fields: 


Domain.PO: Select the post office that you want to own the nickname. This can be any post 
office in your GroupWise system; it does not need to be the resource's post office. 
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Object ID: Specify the name to use as the resource name portion of the nickname. The nickname 
must be unigue. 


Visibility: Select the Address Book visibility for the nickname. This determines where the 

nickname is available (system, domain, or post office). However, nicknames are not displayed in 
the Address Book unless you filter for them. In order to address a message to a nickname, a user 
must specify the nickname address, and the nickname must be available in the user's post office. 


External Sync Override: This option applies only if your GroupWise system links to and 
synchronizes with an external GroupWise system, as described in “Connecting to Other 
GroupWise Systems” in the GroupWise 2012 Multi-System Administration Guide. 


+ Synchronize According to Visibility: The nickname is synchronized to external 
GroupWise systems only if Address Book visibility is set to System. 


+ Synchronize Regardless of Visibility: The nickname is synchronized to external 
GroupWise systems regardless of Address Book visibility. 


+ Don't Synchronize Regardless of Visibility The nickname is never synchronized to 
external systems. 


Given Name: This field is not used for resource nicknames. 
Last Name: This field is not used for resource nicknames. 


Expiration Date: If you want the nickname to no longer work after a certain date, click Enable 
and then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the Resource object. 
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Organizational Roles 


+ Chapter 17, “Understanding Distribution Lists, Groups, and Organizational Roles,” on page 281 
+ Chapter 18, “Creating and Managing Distribution Lists,” on page 285 
+ Chapter 19, “Using eDirectory Groups as GroupWise Distribution Lists,” on page 301 


+ Chapter 20, “Using eDirectory Organizational Roles as GroupWise Distribution Lists,” on 
page 307 
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17.1 


17.2 


Understanding Distribution Lists, 
Groups, and Organizational Roles 


Distribution lists are specific to GroupWise. Groups and organizational roles are eDirectory objects 
that can be configured to work with GroupWise. 


Distribution lists, groups, and organizational roles are all sets of users and (optionally) resources that 
can be addressed as a single entity. When a GroupWise user addresses an item (message, 
appointment, task, or note) to a distribution list, group, or organizational role, each user or resource 
that is a member receives the item if he or she has a GroupWise account. 


The following sections provide information to help you learn about distribution lists, groups, and 
organizational roles: 

+ Section 17.1, “Public vs. Personal Address Lists,” on page 281 

+ Section 17.2, “Distribution Lists,” on page 281 


+ Section 17.3, “eDirectory Groups and Organizational Roles,” on page 282 


Public vs. Personal Address Lists 


Distribution lists and groups are public address lists, meaning that they are administrator-defined 
lists available to all users in your GroupWise system. 


If users want to create personal address lists, they can create personal groups in the GroupWise 
client. When a user creates personal groups, the groups are saved in his or her mailbox and are 
available for use only by that user. They cannot be shared by, or transferred to, other users. 


If a user wants to send to all users in a particular post office or domain, he or she can use wildcard 
addressing, if it has been enabled. See Section 6.7, “Enabling Wildcard Addressing,” on page 114. 


Distribution Lists 


A distribution list is specific to GroupWise. It is a public address list that you, as the Group Wise 
administrator, can create to facilitate easier addressing within your GroupWise system. Distribution 
lists can only contain users that have GroupWise accounts. 


Each distribution list you want to create must be added asa Distribution List object in eDirectory. The 
name that you give the Distribution List object becomes the name by which the distribution list is 
displayed in the GroupWise Address Book. 


Distribution List objects can be located in any eDirectory container that is in the same tree as the 
distribution list’s domain. 
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Because a distribution list is an addressable entity, you must assign it to a post office when you create 
it. This ensures that the distribution list has a standard GroupWise address 
(distribution list name.post, office.domain). 


Regardless of the distribution list's post office, all GroupWise users can use the distribution list when 
addressing a message. 


You can determine which users see the distribution list in the Address Book. System visibility enables 
all users in your GroupWise system to see the distribution list. Domain visibility enables all users in 
the distribution list’s domain to see the distribution list. Post Office visibility enables all users in the 

distribution list's post office to see the distribution list. Setting the visibility level to None means that 
no users see the distribution list in the Address Book. 


Users who cannot see the distribution list in the Address Book can still use the distribution list by 
typing the distribution list name in the To field of the message. 


A distribution list can contain users and resources as well as other distribution lists, groups, and 
organizational roles. Members do not need to be on the same post office as the distribution list's post 
office. 


For details about distribution lists, see Chapter 18, “Creating and Managing Distribution Lists,” on 
page 285. 


eDirectory Groups and Organizational Roles 


eDirectory groups and organizational roles are general eDirectory objects that can be created to 
facilitate easier administration of eDirectory users who have common needs or who share a common 
role or responsibility. 


If you have eDirectory groups or organizational roles that you want GroupWise users to be able to 
address messages to, you need to make them available in your GroupWise system. When doing 50, 
you can choose the groups and roles that you want available, and choose which users they are 
available to. 


If a group or role contains both eDirectory users with GroupWise accounts and eDirectory users 
without GroupWise accounts, only those users with GroupWise accounts receive messages 
addressed to the group or role. 


As mentioned previously, Group and Organizational Role objects are not specific to Group Wise. For 
information about creating these objects, see your eDirectory documentation. 


The name given to the Group object or Organizational Role object becomes the name by which it is 
displayed in the GroupWise Address Book when you make it available. You make a group or role 
available in your GroupWise system by assigning it to a post office. This ensures that the group or 
role has a standard GroupWise address (name.post_office.domain). Regardless of the post office where 
the group or role is assigned, all GroupWise users can use it when addressing a message. 


You can determine which users see the group or role in the Address Book. System visibility enables 
all users in your GroupWise system to see the group or role. Domain visibility enables all users in the 
distribution list's domain to see the group or role. Post Office visibility enables all users in the 
distribution list's post office to see the group or role. Setting the visibility level to None means that no 
users can see the group or role in the Address Book. 


Users who cannot see the group or role in the Address Book can still use it by typing the name in the 
To field of the message. 
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For details about eDirectory groups and organizational roles, see Chapter 19, “Using eDirectory 
Groups as GroupWise Distribution Lists,” on page 301 and Chapter 20, “Using eDirectory 
Organizational Roles as GroupWise Distribution Lists,” on page 307. 
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Creating and Managing Distribution 
Lists 


A GroupWise distribution list can contain GroupWise users, resources, and other distribution lists. 
When creating the distribution list, you can determine each entry's participation in the list (primary 
recipient, carbon copy recipient, or blind copy recipient). Distribution lists are created in the 
GroupWise Address Book. When a GroupWise user addresses an item (message, appointment, task, 
or note) to a distribution list, group, or organizational role, each user or resource that is a member 
receives the item if he or she has a Group Wise account. 

+ Section 18.1, “Creating a New Distribution List,” on page 285 

+ Section 18.2, “Adding Members to a Distribution List,” on page 289 

+ Section 18.3, “Removing Members from a Distribution List,” on page 290 

+ Section 18.4, “Moving a Distribution List,” on page 290 

+ Section 18.5, “Renaming a Distribution List,” on page 291 

+ Section 18.6, “Enabling Users to Modify a Distribution List,” on page 291 

+ Section 18.7, “Controlling Access to a Distribution List,” on page 293 

+ Section 18.8, “Deleting a Distribution List,” on page 294 

+ Section 18.9, “Managing Email Addresses,” on page 294 

+ Section 18.10, “Adding External Users to a Distribution List,” on page 299 


18.1 Creating a New Distribution List 


1 In ConsoleOne, right-click the eDirectory container where you want to create the Distribution 
List object, then click New > Distribution List. 


Create GroupWise Distribution List 


Distribution List Name: 


GroupWWise Post Office: 


[ Define additional properties 


[ Create another distribution list 


2 Fillinthe following fields: 


Distribution List Name: Specify a descriptive name. Because the name is used as part of the 
distribution list’s GroupWise email address, do not use any of the following invalid characters in 
the distribution list name: 


ASCII characters 0-31 Comma , 


Asterisk * Double quote " 
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At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 


Backslash \ Parentheses () 
Braces { } Period . 
Colon : Slash / 


IMPORTANT: Characters that are valid and even desirable in a distribution list name, such as 
accented characters, might not be valid in an email address. For some distribution lists you 
might need to set up a preferred email ID in order to ensure that they have a valid email address. 
For instructions, see Section 18.9.1, “Changing a Distribution List’s Internet Addressing 
Settings,” on page 295. 


Group Wise Post Office: Select the post office the distribution list will be assigned to. The 
distribution list can contain members of other post offices. 


3 Select Define Additional Properties, then click OK. 


Properties of Salesmen 


roupWise + || NDS Rights + | Other | Rights to Files and Folders 
ntification 


Distinguished Name: Salesmen. GroupWise 


Post Office: |Provo2. Sales 
Description: 


Visibility: Post Office 


Replication Override: Replicate according to visibility 


E-Mail Address: 


4 On the Identification page, fill in the following fields: 


Description: Specify a description to help you identify the purpose or members of the 
distribution list. 


Visibility: Select the level at which the distribution list will be visible in the Address Book. 
System enables the distribution list to be visible to all users in your GroupWise system. Domain 
enables the distribution list to be visible to all users in the same domain as the distribution list. 
Post Office enables the distribution list to be visible to all users on the same post office as the 
distribution list. Setting the visibility level to None means that no users can see the distribution 
list in the Address Book. 


Replication Override: By default, distribution lists are replicated throughout your GroupWise 
system based on the selected visibility level. With the default visibility level, distribution lists are 
visible in the GroupWise Address Book for local post office users only and are not replicated to 
other post offices. 
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If you set Visibility to Domain, the distribution list is replicated to all post offices in the domain, 
but not to post offices belonging to other domains. If you set Visibility to System, the distribution 
list is replicated to all post offices in your GroupWise system. This default behavior corresponds 
to the Replicate According to Visibility setting. 


Select Replicate Everywhere Regardless of Visibility if you want the distribution list replicated 
throughout your GroupWise system regardless of the selected visibility level. With this setting, 
the distribution list is made available in all post offices, although it is still only visible in the 
GroupWise Address Book according to the selected visibility level. The availability of the 
distribution list in all post offices means that it can be nested into other distribution lists that are 
visible in any post office, and that users in any post office can manually specify the distribution 
list name in the To field of an item. 


E-Mail Address: Displays the default email address for the distribution list. Click the drop- 
down list to specify a custom email address. For example, if you created a distribution list with 
spaces in its name, you need to remove the spaces to create a valid email address. 


Click GroupWise > Membership to display the Membership page. 


Properties of Programmers 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Membership 


Membership: 


Members Participation First Name Last Name 


Page Options... OK Cancel Apply Help 
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6 Click Add, select the user, resource, distribution list, eDirectory group, or organizational role you 
want to add as a member, then click OK to add the member to the list. 


Properties of Programmers 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Membership 


Membership: 


Members Participation First Name Last Name 


askoczylas.Development.Provo1 To Alfons Skoczylas 


Page Options... OK Cancel Apply Help 


By default, the member is added as a primary recipient (To: recipient). 


7 If you want to change the member’s recipient type, select the member, click Participation, then 
click To, CC, or BC. 


8 Repeat Step 6 and Step 7 to add additional members. 
9 Click OK to save your changes. 
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18.2 Adding Members to a Distribution List 


Distribution lists can contain users, resources, groups, organizational roles, and other distribution 
lists. 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
2 Click GroupWise > Membership to display the Membership page. 


Properties of Programmers 


GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders | 
Membership 


Membership: 


Members Participation First Name Last Name 


Page Options... OK Cancel Apply Help 


3 Click Add, select the user, resource, distribution list, group, or organizational role you want to 
add as a member, then click OK to add the member to the list. 


If you want to add an external user that is not listed for selection, see Section 18.10, “Adding 
External Users to a Distribution List,” on page 299. 


Properties of Programmers 


GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders | 
Membership 


Membership: 


Members Participation First Name Last Name 


askoczylas Development Provo1 To Alfons Skoczylas 


Page Options... OK Cancel Apply Help 


By default, the selected member is added as a primary recipient (To: recipient). 
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18.3 


18.4 


4 If you want to change the member's recipient type, select the member, click Participation, then 
click To, CC, or BC. 


5 Repeat Step 3 and Step 4 to add additional members. 
6 Click OK to save your changes. 
Distribution lists are typically managed by an administrator in ConsoleOne. Starting in GroupWise 7, 


users can be granted rights to modify distribution lists, as described in Section 18.6, “Enabling Users 
to Modify a Distribution List,” on page 291. 


In addition, GroupWise client users can create shared address books and then create groups within 
those shared address books so that the groups are available to all users with whom the address book 
has been shared. The creator of the shared address book can give other users read only rights, or can 
choose to grant them additional rights for adding, editing, and deleting information. For more 
information about shared address books, see “Sharing an Address Book with Another User” in 
“Contacts and Address Books” in the GroupWise 2012 Windows Client User Guide. 


Removing Members from a Distribution List 


When you remove users’ or resources’ GroupWise accounts, delete groups, delete organizational 
roles, or delete distribution lists, they are automatically removed from any distribution lists in which 
they have membership. 


To manually remove members from a distribution list: 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
2 Click GroupWise > Membership to display the Membership page. 


3 Selectthe member you want to remove from the list, then click Delete. 


Moving a Distribution List 


If necessary, you can move a distribution list from one post office to another. For example, you might 
need to move a distribution list from a post office you are removing. 


The distribution list retains the same name on the new post office as it has on the current post office. 
If another user, resource, or distribution list assigned to the new post office has the same name, you 
must rename one of them before you move the distribution list. For details, see Section 18.5, 
“Renaming a Distribution List,” on page 291. 


To move a distribution list: 


1 In ConsoleOne, right-click the Distribution List object in the GroupWise View, then click Move to 
display the GroupWise Move dialog box. 
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IMPORTANT: You must select the Distribution List object in the GroupWise View. If you select 
the object in the standard Console View, you will move the Distribution List object from one 
container to another, not the distribution list from one post office to another. 


GroupWise Move Programmers 


Move to post office: 


| Cancel | Help 


2 Select the post office to which you want to move the distribution list, then click OK to move the 
distribution list. 


18.5 Renaming a Distribution List 


Situations might arise where you need to give a distribution list a new name. For example, you might 
need to move the distribution list to another post office that already has a user, resource, or 
distribution list with the same name. 


To rename a distribution list: 


1 In ConsoleOne, right-click the Distribution List object in the GroupWise View, then click Rename 
to display the Rename dialog box. 


New name: 


| Programmers! 


I Save old name 


2 Inthe New Name field, specify the new name for the distribution list. 


3 Make sure the Save Old Name box is not selected. Saving the old name causes duplicate 
distribution lists to appear in the Address Book. 


4 Click OK to rename the distribution list. 


18.6 Enabling Users to Modify a Distribution List 


In ConsoleOne, you can grant rights to users to modify distribution lists from the GroupWise 
Windows client. However, users cannot create or delete distribution lists; that can be done only in 
ConsoleOne by an administrator. 


To grant edit rights to a specific distribution list to one or more users: 


1 Browse to and right-click a Distribution List object, then click Properties. 
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2 Click GroupWise > Administration. 


Object ID Post Office Domain 


Page Options... Cancel Appl Help 


3 Click Add, then select one or more users who can edit the distribution list. 
4 Click OK to grant the edit rights. 
5 Notify the users that they have rights to modify the distribution list. 


To give a specific user rights to edit one or more distribution lists: 


1 Browse to and right-click a User object, then click Properties. 
2 Click GroupWise > Distribution List Administration. 


Properties of mbarnard 


Security + | Login Methods + | General + |GroupWise || Restrictions ~ | Memberships + | Securi 
| Distribution List Administration į 


Object ID Post Office Domain 


Page Options... 


3 Click Add, then select one or more distribution lists for the user to edit. 
4 Click OK to grant the edit rights. 
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5 Notify the user that he or she has rights to modify the distribution lists. 


In the GroupWise client, the editable distribution list does not appear any different to the user 
who has rights to edit it, except that Add and Remove are active for that user. 


In Online mode, the user can edit the distribution list in the GroupWise Address Book. In Caching 
mode, the user cannot edit the distribution list in the GroupWise Address Book. However, the user 
can edit the distribution list in the Address Selector in a new message. 


18.7 Controlling Access to a Distribution List 


By default, all GroupWise users can send to all distribution lists that appear in the GroupWise 
Address Book. If necessary, you can restrict which users are allowed to send to a specific distribution 
list. The restricted distribution list still appears in the GroupWise Address Book, but if unauthorized 
users try to send to the restricted distribution list, they receive an error indicating that they do not 
have the rights to use the restricted distribution list. 


To restrict access to a distribution list: 


1 Browse to and right-click a Distribution List object, then click Properties. 
2 Click GroupWise > Access Control. 


Properties of DistList 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders 
Access Control 


[ Object ID Post Office | Domain 


3 Click Add, select one or more users who are allowed to send to the restricted distribution list, 
then click OK to add the users to the Access Control list. 


4 (Optional) Click Add, select Distribution Lists, select one or more distribution lists that are 
allowed to send to the restricted distribution list, then click OK to add the distribution lists to the 
Access Control list. 


5 Click OK to grant the rights to the listed users and distribution lists for sending to the restricted 
distribution list. 


6 Notify the users that they have rights to send to the restricted distribution list. 
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18.8 


18.9 


In addition to the users that you add to the Access Control list, users to whom you have granted edit 
rights, as described in Section 18.6, “Enabling Users to Modify a Distribution List,” on page 291, can 
also send to the restricted distribution list, even if you do not explicitly add them to the Access 
Control list. 


NOTE: This functionality was introduced in GroupWise 8 Support Pack 2. If you still run GroupWise 
8 clients in your GroupWise 2012 system, you must update all GroupWise 8 clients to Support Pack 2 
or later in order for this feature to function for GroupWise 8 client users. 


Deleting a Distribution List 


To delete a single distribution list: 


1 In ConsoleOne, right-click the Distribution List object, then click Delete. 
2 Click Yes to confirm the deletion. 


To delete multiple distribution lists that belong to the same post office: 
1 In ConsoleOne, right-click the Post Office object, then click Properties. 
2 Click GroupWise > Distribution Lists. 


3 Select one or more distribution lists, then click Delete. 
4 Click OK to complete the deletion. 


Managing Email Addresses 


To ensure that distribution list addresses meet your needs, GroupWise enables you to determine the 
format and visibility of addresses, as well as create additional names for distribution lists. The 
following sections provide details: 

+ Section 18.9.1, “Changing a Distribution List's Internet Addressing Settings,” on page 295 

+ Section 18.9.2, “Changing a Distribution List's Visibility in the Address Book,” on page 296 

+ Section 18.9.3, “Creating a Nickname for a Distribution List,” on page 297 
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Changing a Distribution List's Internet Addressing Settings 


By default, a distribution list inherits its Internet address settings (preferred Internet address format, 
allowed address formats, and Internet domain name) from its post office, domain, or GroupWise 
system. If necessary, you can override these settings for a distribution list. 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
2 Click GroupWise, then click Internet Addressing to display the Internet Addressing page. 


Properties of Salesmen 


i upWise | NDS Rights v | Other | Rights to Files and Folders | 
Internet Addressing 


Preferred Address format: 


Preferred EMail ID: 
@Internet domain name 
Defined at: Corporate Mail 
Allowed Address Formats 
v] UserID. Post Office@Internet domain name 


V] UserID@ Internet domain name 


Last Name.First Name@Internet domain name 


First Name.Last Name@Internet domain name 


First Initial Last NameInternet domain name 


Internet domain name: 


Defined at: Corporate Mail 
For incoming mail, recipients are known exclusively by this Internet domain name 


View EMail Addresses 


3 To override one of the settings, select the Override box, then change the setting. 


Preferred Address Format: The preferred address format determines how the distribution list’s 
address is displayed in the GroupWise Address Book and in sent messages. 


At the distribution list level, only three preferred address formats are available. The address 
formats that include first name, last name, and first initial do not apply to distribution lists, so 
they are not available. 


You can completely override the address format by explicitly defining the user portion of the 
address (userOlnternet domain name). The user portion can include any RFC-compliant characters 
(no spaces, commas, and so on). The distribution list name portion must be unique within its 
Internet domain. This means that a distribution list name can be used multiple times in your 
GroupWise system, provided it is used only once in each Internet domain. 


Allowed Address Formats: The allowed address formats determine which address formats can 
be used to send messages to the distribution list. 


Only the UserID.Post Office@Internet domain name and UserID@Internet domain name formats are 
valid for distribution lists. The formats that include first name, last name, and first initial are not 
valid. 


For example, assume that you use DL1 as the distribution list ID, Research as the post office, and 
novell.com as the Internet domain. If you select the two valid formats, members of the 
distribution list receive messages sent using either of the following addresses: 


dil.research@novell.com 
dli@novell.com 
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Internet Domain Name: The Internet domain name, along with the preferred address format, is 
used when constructing the email address that is displayed in the Group Wise Address Book and 
in the To field of sent messages. 


Only the Internet domain names that have been defined are displayed in the list. Internet 
domain names must be defined at the system level (Tools > GroupWise System Operations > Internet 
Addressing). For more information, see Section 52, “Configuring Internet Addressing,” on 

page 743. 


If you override the Internet domain name, the For Incoming Mail, Recipients are Known Exclusively 
by This Internet Domain Name option becomes available. Enable this option if you only want the 
distribution list to be able to receive messages addressed with this Internet domain name. If you 
don't enable this option, the distribution list receive messages addressed using any of the 
Internet domain names assigned to your GroupWise system. 


View E-Mail Addresses: Click View E-Mail Addresses at the bottom of the Internet Addressing 
page to display a list of the various email address formats that can successfully deliver email to 
this distribution list, including any nicknames or gateway aliases that have been defined for this 
distribution list. For more information, see: 


+ Section 52.1.4, “Preferred Address Format,” on page 744 and Section 52.1.5, “Allowed 
Address Formats,” on page 747 


+ Section 14.7.4, “Creating a Nickname for a User,” on page 252 


+ Section 52.3, “Transitioning from SMTP Gateway Aliases to Internet Addressing,” on 
page 754 


4 Click OK to save your changes. 


18.9.2 Changing a Distribution List’s Visibility in the Address Book 


A distribution list’s visibility level determines which users see the distribution list in the Address 
Books. You can control the availability of a distribution list by displaying it in the Address Book for 
all users in your GroupWise system, in the Address Book for those users in the distribution list’s 
domain only, in the Address Book for those users on the distribution list’s post office only, or not 
displaying it at all. 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 


Salesmen 


+ | NOS Rights + | Other | Rights to Files and Folders 


Distinguished Name: Salesmen. GroupWise 


Post Office: Provo2.Sales 
Description: 


Visibility: Post Office 


Replication Override: Replicate according to visibility 


E-Mail Address: 
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2 Inthe Visibility field, select the desired visibility level. 


System: The distribution list is displayed in the Address Book for all users in your GroupWise 
system. 


Domain: The distribution list is displayed in the Address Book for all users in the distribution 
list's domain. 


Post Office: The distribution list is displayed in the Address Book for all users on the 
distribution list's post office. 


None: The distribution list not displayed in the Address Book. 
3 Click OK to save your changes. 


Creating a Nickname for a Distribution List 


Each distribution list has a specific Group Wise address consisting of the distribution list’s name, post 
office, and domain (distribution, list name.post. office.domain). You can assign one or more nicknames 
to a distribution list to give it an additional address. Each part of the address (distribution list name, 
post. office, and domain) can be different than the distribution list's actual address. 


Nicknames are useful in the following situations: 


+ You rename a distribution list, as described in Section 18.5, “Renaming a Distribution List,” on 
page 291. You can create a nickname that retains the old distribution list name, so that messages 
with the old distribution list name in the email address are routed to the new email address. 


+ You move a distribution list, as described in Section 18.4, “Moving a Distribution List,” on 
page 290. You can create a nickname that retains the old post office location. As messages to the 
moved distribution list arrive in your GroupWise system, the email address is routed to the new 
post office location. 


+ You need to restrict a distribution list’s visibility in the Group Wise Address Book, as described in 
Section 6.2, “Controlling Object Visibility,” on page 110, and at the same time, you need to make 
the distribution list visible in one or more specific Address Books outside of the restricted 
visibility. You can create a nickname that provides the specific visibility that is ruled out by the 
required restriction. 


In ConsoleOne, you can list all the nicknames in your GroupWise system in the GroupWise View. In 
the GroupWise client, you can display resource nicknames in the GroupWise Address Book if you 
enable Filter for Resources. When addressing a message, users need to know a nickname in order to 
use it. 


To create a nickname for a distribution list: 


1 In ConsoleOne, right-click the Distribution List object, then click Properties. 
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2 Click GroupWise > Nicknames to display the Nicknames page. 


Properties of Programmers 


vil NDS Rights + | Other | Rights to Files and Folders: 


Object ID Domain Post Office 


Page Options... 


Create Nickname 


Creating nickname for Programmers Groupise 


Domain.PO: | 


Object ID: [ 


Visibility: [System 


Given Name: | 


Last Name: 


Expiration Date: T Enable | 


Cancel Help 


4 Fillin the following fields: 


Domain.PO: Select the post office that you want to own the nickname. This can be any post 
office in your GroupWise system; it does not need to be the distribution list’s post office. 


Object ID: Specify the name to use as the distribution_list_name portion of the nickname. The 
name must be unique. 


Visibility: Select the Address Book visibility for the nickname. This determines where the 

nickname is available (system, domain, or post office). However, nicknames are not displayed in 
the Address Book unless you filter for them. In order to address a message to a nickname, a user 
must specify the nickname address, and the nickname must be available in the user’s post office. 


External Sync Override: This option applies only if your GroupWise system links to and 
synchronizes with an external system, as described in “Connecting to Other GroupWise 
Systems” in the GroupWise 2012 Multi-System Administration Guide. 


+ Synchronize According to Visibility: The nickname information is synchronized to 
external systems only if visibility is set to System. 


+ Synchronize Regardless of Visibility: The nickname information is synchronized to 
external systems regardless of the object visibility. 
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18.10.1 


18.10.2 


18.10.3 


+ Don't Synchronize Regardless of Visibility The nickname information is not 
synchronized to external systems. 


Given Name: This field is not used for distribution list nicknames. 
Last Name: This field is not used for distribution list nicknames. 


Expiration Date: If you want the nickname to no longer work after a certain date, click Enable 
and then select the desired date. 


5 Click OK to add the nickname to the list. 
6 Click OK to save the changes to the Distribution List object. 


Adding External Users to a Distribution List 


Members of distribution lists must have corresponding eDirectory objects. If you want to add users to 
a distribution list, and the users do not belong to your GroupWise system, you must create objects to 
represent these external users within your GroupWise system. 


» Section 18.10.1, “Creating an External Domain,” on page 299 
+ Section 18.10.2, “Creating an External Post Office,” on page 299 
+ Section 18.10.3, “Creating an External User,” on page 299 


For more information, see Section 6.8, “Adding External Users to the GroupWise Address Book,” on 
page 116. 


Creating an External Domain 


You create an external domain to represent the world outside your GroupWise system. 


1 In ConsoleOne, right-click Group Wise System, then click New > External Domain. 


2 Provide a unigue name for the domain, then click OK. 


Creating an External Post Office 


You create an external post office in the external domain to hold External User objects. 


1 In ConsoleOne, right-click the External Domain object, then click New > External Post Office. 


2 Provide a unique name for the post office, then click OK. 


Creating an External User 


You create an external user so that it can be selected when adding members to a distribution list. 


In ConsoleOne, right-click the External Post Office object, then click New > External User. 
Provide a unigue name for the user, then click OK. 

Right-click the new External User object, then click Properties. 

On the Identification page, fill in at least the first and last names. 

Click GroupWise > Internet Addressing. 


Select Override. 


N Oo GI R 0 N F 


Select the preferred addressing format depending on how you want email to this user to be 
addressed. 
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or 
Provide a preferred email ID. 
8 Click OK to save the user information. 


9 Follow the instructions in Section 18.2, “Adding Members to a Distribution List,” on page 289 to 
add the external user to a distribution list. 
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Using eDirectory Groups as GroupWise 
Distribution Lists 


Novell eDirectory groups can be configured to function as GroupWise distribution lists. 


+ Section 19.1, “Setting Up an eDirectory Group for Use in GroupWise,” on page 301 


+ Section 19.2, “Seeing Which Members of an eDirectory Group Have GroupWise Accounts,” on 
page 303 


+ Section 19.3, “Changing a Groups Visibility in the Address Book,” on page 304 
+ Section 19.4, “Moving a Group,” on page 304 
+ Section 19.5, “Renaming a Group,” on page 305 


+ Section 19.6, “Removing a Group from GroupWise,” on page 305 


19.1 Setting Up an eDirectory Group for Use in GroupWise 


By default, eDirectory groups are not automatically available for use as distribution lists in 
GroupWise. To make an eDirectory group available as a GroupWise distribution list, you need to 
assign it to a GroupWise post office. 


1 In ConsoleOne, right-click the eDirectory Group object, then click Properties. 


Group objects and Distribution List objects have similar icons in ConsoleOne. 


Icon Object 


28 eDirectory Group object 


& GroupWise Distribution List object 
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2 Click GroupWise > Account to display the Account page. 


Properties of Help Desk 


General + | Members | Security Equal To Me | G DS Rights + | Other | Rights to Files and Folders | 


Post Office: 


Visibility: |Post Office 


3 Fill in the following fields: 


Post Office: Select the post office where you want to assign the group. You can choose any post 
office you want. If you plan to limit visibility of the group to users on a specific post office or ina 
specific domain, you should select that post office or a post office in the desired domain. 


Visibility: Select the level at which the group is visible in the Address Book. System enables the 
group to be visible to all users in your GroupWise system. Domain enables the group to be 
visible to all users in the same domain as the group. Post Office enables the group to be visible to 
all users on the same post office as the group. Setting the visibility to None means that the group 
is not visible at any level. However, even if the group is not displayed in a user’s Address Book, 
he or she can use the group by typing the group’s name in a message’s To field. 


4 Click OK to save the changes. 


The group is now treated like a GroupWise distribution list and is visible in the GroupWise View 
when you filter on distribution lists. However, its icon does not change. 


When GroupWise users send messages to the group, only those group members who have 
GroupWise accounts receive messages. 


For information about using dynamic groups with GroupWise, see TID 3074853 in the Novell 
Support Knowledgebase (http://www.novell.com/support). 
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19.2 Seeing Which Members of an eDirectory Group Have 
GroupWise Accounts 


eDirectory groups can include members who have GroupWise accounts and members who do not 
have GroupWise accounts. When the group is used to address a message, only those members who 
have GroupWise accounts receive the message. 


To see which members have GroupWise accounts and which ones do not: 


1 In ConsoleOne, select the Group object, then click Tools > GroupWise Diagnostics > Display Object. 


GroupWise Diagnostics 


GroupWise information for selected object 


Description 


Provo1 

(CORP. TREE) admin.Docdev.Novell 
0 

Role 


1 
71C31030-166F-0000-B40D-5C00BD000B00 
Provo1 Development mpalu 
Provo1 

(] J Maditination Thiwedeu entiers 12 INT 29042 AM GMT N7-NN 


eDirectory information for selected object 


Equivalent To Me aslater Users Docdev Novell 
zlucas Users Docdev Novell 
mpalu. Users Docdev Novell 
NGA Visibility 1 
modifiersName CN=admin,OU=Docdey O=Novell 
GUID 80FCDD7E08E8D9118ED1 00C04F476EBC 
Role Occupant aslater Users.Docdev Novell 
zlucas Users Docdey Novell 
mpalu Users Docdev Novell 
NG: GroupWise ID Provo1 Development Help Desk{110}8COSEB60-0928-0000-B745-7B0068007500 


u Phl-ermin AI -Danav N-ħlavall 


OK 


The Member To field in the top window displays the members who have GroupWise accounts. 
The Role Occupant field in the bottom window displays all members. 


2 When you have finished viewing the information, click OK. 
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19.3 Changing a Group's Visibility in the Address Book 


An eDirectory group's visibility level determines which users see the group in the Address Books. 
You can control the availability of a group by displaying it in the Address Book for all users in your 
GroupWise system, in the Address Book for those users in the group's domain only, in the Address 
Book for those users on the group's post office only, or not displaying it at all. 


1 In ConsoleOne, right-click the Group object, then click Properties. 
2 Click GroupWise > Account to display the Account page: 


Properties of Help Desk 
General + | Members | Security Equal To Me |F ¢ {| NDS Rights + | Other | Rights to Files and Folders | 


Post Office: 


Visibility: |Post Office 


3 Inthe Visibility field, select the desired visibility level. 
System: The group is displayed in the Address Book for all users in your GroupWise system. 
Domain: The group is displayed in the Address Book for all users in the group’s domain. 
Post Office: The group is displayed in the Address Book for all users on the group’s post office. 
None: The group is not displayed in the Address Book. 

4 Click OK to save your changes. 


19.4 Moving a Group 


If necessary, you can move an eDirectory group from one post office to another. For example, you 
might need to move a group from a post office you are removing. 


The group retains the same name on the new post office as it has on the current post office. If another 
object (user, resource, distribution list, group, or organizational role) assigned to the new post office 
has the same name, you must rename one of them before you move the group. For details, see 
Section 18.5, “Renaming a Distribution List,” on page 291. 


To move an eDirectory group from one post office to another: 


1 In ConsoleOne, right-click the Group object in the GroupWise View, then click Move to display 
the GroupWise Move dialog box. 
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IMPORTANT: You must select the eDirectory Group object in the GroupWise View by listing 
GroupWise distribution lists. If you select the Group object in the standard Console View, you 
move the Group object from one eDirectory container to another, not the group/distribution list 
from one post office to another. 


GroupWise Move Help Desk 


Move to post office: 


| Cancel | Help 


2 Select the post office to which you want to move the group, then click OK to move the group. 


19.5 Renaming a Group 


Situations might arise where you need to give an eDirectory group a new name. For example, you 
might need to move the group to another post office that already has an object (user, resource, 
distribution list, group, or organizational unit) with the same name. 


When you rename an eDirectory group, you rename the Group object. This means that not only are 
you changing the name in GroupWise, but also in eDirectory. 


1 In ConsoleOne, right-click the Group object, then click Rename to display the Rename dialog box. 


New name: 


Help Desk] Desk 
| Cancel 
[ Save old name 

Help 


2 Inthe New Name field, specify the new name for the group. 


3 Make sure the Save Old Name box is not selected. Saving the old name causes duplicate groups to 
appear in the Address Book. 


4 Click OK to rename the group. 


19.6 Removing a Group from GroupWise 


If you decide that you no longer want an eDirectory group to be a distribution list in GroupWise, you 
can remove its association with a GroupWise post office, so that it returns to being just an eDirectory 


group. 
1 In ConsoleOne, right-click the Group object, click Delete, then click Yes to confirm that you want 
to delete the object. 
2 Inthe eDirectory Account box, deselect Delete to retain the Group object in eDirectory. 
The Delete option in the GroupWise Account box is selected by default and cannot be deselected. 
3 Click OK twice to complete the deletion. 
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Using eDirectory Organizational Roles 
as GroupWise Distribution Lists 


Organizational roles can be configured to function as GroupWise distribution lists. 


+ Section 20.1, “Setting Up an Organizational Role for Use in GroupWise,” on page 307 


+ Section 20.2, “Seeing Which Members of an Organizational Role Have GroupWise Accounts,” 
on page 308 


+ Section 20.3, “Changing an Organizational Role's Visibility in the Address Book,” on page 309 
+ Section 20.4, “Moving an Organizational Role,” on page 310 
+ Section 20.5, “Renaming an Organizational Role,” on page 310 


+ Section 20.6, “Removing an Organizational Role from GroupWise,” on page 311 


20.1 Setting Up an Organizational Role for Use in GroupWise 


By default, Novell eDirectory organizational roles are not automatically available for use as 
distribution lists in GroupWise. To make an organizational role available, you need to assign it to a 
GroupWise post office. 


1 In ConsoleOne, right-click the Organizational Role object, then click Properties. 
2 Click the GroupWise tab to display the Account page. 


Properties of GroupWise Administrators 


General + | Security Equal To Me | GroupWise || NDS Rights + | Other | Rights to Files and Folders | 
jAccount =| 


Post Office: Provo1 Development 


Visibility: Post Office 


Page Options... Cancel 


3 Fill in the following fields: 
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Post Office: Select the post office where you want to assign the organizational role. You can 
choose any post office you want. If you plan to limit visibility of the organizational role to users 
on a specific post office or in a specific domain, you should select that post office or a post office 
in the desired domain. 


Visibility: Select the level at which the role is visible in the Address Book. System enables the 
role to be visible to all users in your GroupWise system. Domain enables the role to be visible to 
all users in the same domain as the role. Post Office enables the role to be visible to all users on 
the same post office as the role. Setting the visibility to None means that the role is not visible at 
any level. However, even if the role is not displayed in a user's Address Book, he or she can use 
the role by typing the role's name in a message's To field. 


4 Click OK to save the changes. 


The organizational role is now treated like a GroupWise distribution list and is visible in the 
GroupWise View when you filter on distribution lists. However, its icon does not change. 


When GroupWise users send messages to the organization role, only those role members who have 
GroupWise accounts receive messages. 


20.2 Seeing Which Members of an Organizational Role Have 


308 


GroupWise Accounts 


eDirectory organizational roles can include members who have GroupWise accounts and members 
who do not have GroupWise accounts. When the organizational role is used to address a message, 
only those members who have GroupWise accounts receive the message. 


To see which members have GroupWise accounts and which ones do not: 


1 In ConsoleOne, select the Organizational Role object, then click Tools > GroupWise Diagnostics > 
Display Object. 


GroupWise Diagnostics 


GroupWise information for selected object 


Description 
Groupise Administrators 
1 
Provot 
(CORP. TREE) admin Docdev Novell 
0 
Role 


1 

D7BAC340-1 661 -0000-B40D-SCOOBDO00B00 
Provo2.Sales mdelatorre 

Provo1 

Thirsdav lamiaru 12. ONT 2:20:42 AM GMT NATAN 


eDirectory information for selected object 


Description Value 
Equivalent To Me mdelatorre.Users Docdey Novell 
aslater Users Docdey Novell 
zlucas Users Docdev Novell 
NG Visibility 1 
modifiersName CN=admin OU=Docdev O=Novell 
GUID 00841F445EE7D9118ED100C04F476EBC 
Role Occupant mdelatorre Users Docdey Novell 
aslater Users Docdevy Novell 
zlucas Users Docdev Novell 
NG: Groupise ID Provol Development GroupWise Administrators(1 10 }8CO5EB60-0928-0000-B745-7BO0068007 = 


1 DE 


Mo Chi-erinin Al -Dannay O-Newvelll 


OK 
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20.3 


The top window displays the members who have GroupWise accounts. The bottom window 
displays all members. 


2 When you have finished viewing the information, click OK. 


Changing an Organizational Role’s Visibility in the Address 
Book 


An organizational role’s visibility level determines which users see the role in the Address Books. 
You can control the availability of a role by displaying it in the Address Book for all users in your 
GroupWise system, in the Address Book for those users in the role’s domain only, in the Address 
Book for those users on the role’s post office only, or not displaying it at all. 

1 In ConsoleOne, right-click the Organizational Role object, then click Properties. 


2 Click GroupWise > Account to display the Account page: 


Properties of GroupWise Administrators 


General v | Security Equal To Me | DS Rights + | Other | Rights to Files and Folders | 


Post Office: [Provo1 Development 


Visibility: [Post Office 


Page Options... | Cancel | 


3 Inthe Visibility field, select the desired visibility level. 


System: The organizational role is displayed in the Address Book for all users in your 
GroupWise system. 


Domain: The organizational role is displayed in the Address Book for all users in the role’s 
domain. 


Post Office: The organizational role is displayed in the Address Book for all users on the role’s 
post office. 


None: The organizational role is not displayed in the Address Book. 


4 Click OK to save your changes. 
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20.4 Moving an Organizational Role 


If necessary, you can move an organizational role from one post office to another. For example, you 
might need to move an organizational role from a post office you are removing. 


The organizational role retains the same name on the new post office as it has on the current post 
office. If another object (user, resource, distribution list, group, or organizational role) assigned to the 
new post office has the same name, you will need to rename one of them before you move the 
organizational role. For details, see Section 18.5, “Renaming a Distribution List,” on page 291. 


To move an organizational role from one post office to another: 


1 In ConsoleOne, right-click the Organizational Role object in the GroupWise View, then click 
Move to display the Group Wise Move dialog box. 


IMPORTANT: You must select the Organizational Role object in the GroupWise View by listing 
GroupWise distribution lists. If you select the Organizational Role object in the standard 
Console View, you move the Organizational Role object from one eDirectory container to 
another, not the organizational role/distribution list from one post office to another. 


GroupWise Move GroupWise Administrators E3) 


Move to post office: 


| 8) 


| Cancel | Help | 


2 Select the post office to which you want to move the organizational role, then click OK to move 
the organizational role. 


20.5 Renaming an Organizational Role 


Situations might arise where you need to give an organizational role a new name. For example, you 
might need to move the organizational role to another post office that already has an object (user, 
resource, distribution list, group, or organizational unit) with the same name. 


When you rename an organizational role, you rename the Organizational Role object. This means 
that you are not only changing the name in GroupWise, but also in eDirectory. 


To rename an organizational role: 


1 In ConsoleOne, right-click the Organizational Role object, then click Rename to display the 
GroupWise Rename dialog box. 


New name: 


GroupWise Administrators 


I Save old name 


Cancel 


Help 


2 Inthe New Name field, specify the new name for the organizational role. 


3 Click OK to rename the organizational role. 
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20.6 Removing an Organizational Role from GroupWise 


If you decide that you no longer want an organizational role to be a public address list in GroupWise, 
you can remove its association with a GroupWise post office, so that it returns to being just an 
eDirectory organizational role. 


1 In ConsoleOne, right-click the Organizational Role object, click Delete, then click Yes to confirm 
that you want to delete the object. 


2 Inthe eDirectory Account box, deselect Delete to retain the Organizational Role object in 
eDirectory. 


The Delete option in the GroupWise Account box is selected by default and cannot be deselected. 
3 Click OK twice to complete the deletion. 
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Libraries and Documents 


+ Chapter 21, “Document Management Services Overview,” on page 315 
* Chapter 22, “Creating and Managing Libraries,” on page 323 

+ Chapter 23, “Creating and Managing Documents,” on page 359 

+ Chapter 24, “Integrations,” on page 387 
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Document Management Services 
Overview 


GroupWise Document Management Services (DMS) lets users create documents with integrated 
applications, save them, then easily locate a specific document later without knowing the application, 
a specific document name, or the document's physical location. Users can create, share, locate, edit, 
view, and check out documents that are created under the management of Group Wise DMS. 


A GroupWise DMS system consists of the following components: 


+ Section 21.1, “Libraries,” on page 316 
¢ Section 21.2, “Document Storage Areas,” on page 317 
+ Section 21.3, “Documents,” on page 318 


+ Section 21.4, “Integrations,” on page 321 
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21.1 Libraries 


A library is a set of documents and a database that allows the documents to be managed as a unit. A 
library must belong to a specific post office but can be accessed by users in other post offices. The 
GroupWise client enables users to store and manage their documents in the library. The GroupWise 
Post Office Agent (POA) transfers documents between the GroupWise client and the library. 


Library Post Office 


wy 


eee 
GroupWise GroupWise GroupWise 
Client Client Client 


|| | 


a = 
Integrated Integrated Integrated 
Application Application Application 


User User User 


In ConsoleOne, a library can be viewed where it resides in the Novell eDirectory tree. 


KS Novell ConsoleOne BEE) 


Fie Edit View Wizards Tools Help 


al əlse eaea 


a pi CORP_TREE Console View 
44 ET & Help Desk @ Provo2 
& Secretaries Q Provo3 
“A Development & AccountReps @ Provo4 
-QA Legal & Engineers @ Waltham 
-QÀ Marketing & Programmers @ Waltham2 
: so & Salesmen QA Administration 
ro 68 Testers Q Development 
@ Provo4 @ Company Car1 AQA Legal 
A Sales @ Company Car 2 Qa Marketing 
Ga Support a Conference Room 2012 Q Sales 
18) waltham © Group Meeting Room Q Support 
@ Wattham2 @ Lunchroom @ Administration Library 
& Novell @ Projector jäi Development Library 
F Security @ Provot @ Marketing Library 
® GroupWise System 4 >| 29 items À 


Iser: admin Docdey Novell ree: CORP_TREE 


A library can also be viewed in relationship to the post office that owns it. 
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21.2 


KS Novell ConsoleOne 
File Edit View Tools Help 


ae | ee À täi Libraries be 
Qa Sales Object ID Post Office Name 


il Development Libra...Provol Development a] 


E Q Support 
E- waltham 
@ waltham2 
(ly Novell 
-fA Security 
8% NOVELL INC 
= GroupWise System 
iQ Provot 
Eks EEE 
Qa Legal 
#-@ Provoz 
H-A Provo3 
a- Provo4 


In the GroupWise Windows client, users can view a list of all the libraries to which they have access 
by clicking Tools > Options > Documents. 


Documents Setup 


Library Configuration | Integrations | General 


Library names: Properties... 
“Accounting Library ] 
Development Library [Default] Set Default 


Research Library 


Physically, a library consists of a set of directories and databases stored in the gwdms subdirectory of 
the post office, as illustrated in “Post Office Directory” in GroupWise 2012 Troubleshooting 3: Message 
Flow and Directory Structure. 


For complete information on libraries, see Chapter 22, “Creating and Managing Libraries,” on 
page 323. 


Document Storage Areas 


Documents can be stored at the post office, as illustrated in “Post Office Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. This is the simplest configuration, but it is not 
recommended for libraries where substantial growth is anticipated because documents stored at the 
post office cannot easily be moved to a different location where additional storage space is available. 


Preferably, documents should be stored outside the post office, in document storage areas. Document 
storage areas are physical locations, such as drive volumes, optical devices, hard drives on other 
servers, and so on. Document storage areas can be located anywhere that the POA can access them 
locally or using direct network access (mapped drive or mounted file system). 
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21.3 


21.3.1 


A document storage area has the same internal directory structure that is used to store documents at 
the post office. The only difference is that a document storage area can be located anywhere in your 
system. Therefore, a document storage area can be moved easily, so it is easy to expand your 
document storage capacity if you store documents in a document storage area rather than at the post 
office. 


For complete information on document storage areas, see Section 22.6.2, “Managing Document 
Storage Areas,” on page 345. 


Documents 


Documents created using Group Wise DMS are not stored as individual files. Instead, documents are 
stored in database structures called binary large objects (BLOBs). A document and all of its versions 
are stored in the separate BLOB files. BLOBs are compressed (50% or more) to conserve storage 
space. BLOBs are encrypted to provide security. 


Because documents are stored in a database structure, information can be associated with each 
document that is not part of the document itself, such as: 


+ Section 21.3.1, “Document Properties,” on page 318 
+ Section 21.3.2, “Document Types,” on page 319 


For complete information on documents, see Chapter 23, “Creating and Managing Documents,” on 
page 359. 


Document Properties 


Document properties are attributes that determine what users see on the document property sheets 
when they create DMS documents. In the Group Wise Windows client, the default document 
properties for a new document appear like this: 


New Document 
Document | Version | Sharing | Activity Log 


Library: evelopment Library 


Document number: 


Subject: 


Document type: Document 


Author: provo1.development. mpalu 
Creator: 


Date created: 219/2012 10:09 AM 


Official version: 0 


Current version: 


C Open document now 


In ConsoleOne, the default document properties for a library are defined like this: 
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21.3.2 


«« Document Properties Maintenance 
File Edit Help 


E *l21=]| 
"SP Provo2.Sales 
El “ Libraries 


ih -B Lookup Tables | 


Document Number 
Document Type 
Official Ver # 
Subject 


Data Type | Lookup Table Required Read-only Hidden 
String 
String 
Number 
Date 
Number 
String 
Number 


String 


Document Type 


EEK) 


Max Lengl Text Case 
256 Mixed 
256 Mixed 


65535 Mixed 


65535 Mixed 


The default document properties are often adequate, but for some libraries, additional customized 
document properties can be very useful. For example, the legal department might want Client and 
Matter fields to be required for most documents created by anyone in that department. 


NOTE: Document properties cannot be set in ConsoleOne on Linux. However, you can use 
ConsoleOne on Windows to set document properties for libraries that are located on Linux. 


Document Types 


The Document Type property defines how a document is disposed of when its “life” in the system 
has expired. It is a required field. Users select a document type each time they create a new 


document. 


Lookup 


Document type 


Document 


Document 
Expense 
Form 
Graph 
Image 
Memo 
Minutes 
Misc 
Project 


Maximum versions: 100 
Life: 365 days 
Archive 


Action: 


A number of default document types are provided, as shown above. If needed, you can set up 
additional document types. For example, you could set up Pleading for the legal department, 
Spreadsheet for accounting, Correspondence for administration, RFP for marketing, White Paper for 


R&D, and so on. 


The document type establishes the following document characteristics: 


+ “Maximum Versions’ 


” on page 320 


+ “Document Life” on page 320 


+ “Expiration Actions” 


on page 320 
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The following table lists some of the default document types and their default characteristics: 


Document Type Maximum Versions Expiration Action Document Life 


Agenda 100 Archive 99 days 
Document 100 Archive 365 days 
Memo 1 Delete 99 days 
Minutes 100 Archive 99 days 
Misc 10 Archive 30 days 
Proposal 100 Archive 99 days 
Report 100 Archive 99 days 
Template 100 Archive 365 days 


Maximum Versions 


Users can create new versions of their documents when they revise them. Version numbers are 
automatically incremented. 


Any version of a document can be designated as the official version by the user. The official version, 
which is not necessarily the most recently edited version, is the one located in searches. GroupWise 
users have the right to designate an official version if they have Edit rights to the document. 


Each document type property has a maximum number of versions (up to 50,000 per document). Most 
types have a default of 99 versions. À maximum of 0 (zero) versions means that documents of that 
type cannot have versions. 


Document Life 


Document life is the number of days that must pass between the time when a document is last 
accessed and when it is ready for archival or deletion. À document life value of 0 (zero) indicates that 
the document will never be available for archival or deletion. 


Expiration Actions 


When a documents life expires, its associated expiration action takes place: 


Archive: The document is archived when it reaches its document life date. This is useful for 
important documents because archived documents can be unarchived. 


Delete: The document is automatically deleted when its document life date is reached. This is useful 
for documents that are temporary in nature. 


Retain: The document is not deleted or archived, and remains in the system indefinitely. This option 
is practical for documents that have a recurring use, such as template documents. 
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21.4 Integrations 


Integrations serve as the “glue” between document-producing applications and your GroupWise 
DMS system. Integrations provide code specifically designed to allow function calls, such as Open or 
Save, to be redirected to the GroupWise Windows client. This allows GroupWise dialog boxes to be 
displayed instead of the application's normal dialog boxes for the integrated functions. Integrations 
also allow GroupWise to pull documents from a library and deliver them to applications for 
modification. Then, integrations enable GroupWise to return modified documents to the library so 
that other users can access them. 


For complete information on the integrations available for the Windows client, see Chapter 24, 
“Integrations,” on page 387. 
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Creating and Managing Libraries 


When you first set up a new GroupWise system, a basic library is automatically created for the first 
post office. A basic library is adeguate when: 


+ Document management is not a primary activity of your GroupWise users. 


+ The library will store documents created and used by members of the post office that owns the 
library, or, if you do not need one basic library per post office, by all users within a domain. 


+ All documents will be stored at the post office or in a single document storage area external to 
the post office that owns the library. 


If your anticipated document management needs are more demanding than those listed above, you 
can set up one or more full-service libraries, where you can implement the full range of document 
management capabilities offered by GroupWise Document Management Services (DMS). 


NOTE: The Linux version of ConsoleOne allows you to create libraries, but it does not allow you to 
set document properties as described in Section 23.2, “Organizing Documents in Libraries,” on 
page 362. 


To use one or more libraries as part of your GroupWise system, perform the following tasks as 
needed: 

+ Section 22.1, “Planning a Basic Library,” on page 324 

+ Section 22.2, “Setting Up a Basic Library,” on page 326 

+ Section 22.3, “Planning Full-Service Libraries,” on page 328 

+ Section 22.4, “Setting Up a Full-Service Library,” on page 338 

+ Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 341 

+ Section 22.6, “Managing Libraries,” on page 342 

+ Section 22.7, “Library Worksheets,” on page 355 


IMPORTANT: If you are creating a new library in a clustered GroupWise system, see the Group Wise 
2012 Interoperability Guide before you create the library. 
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22.1 


22.1.1 


22.1.2 


22.1.3 


Planning a Basic Library 


An initial basic library was created along with the first post office when you set up your GroupWise 
system. That initial basic library is available for immediate use. However, you might want to change 
the location where documents are stored, as described in Section 22.1.4, “Deciding Where to Store 
Documents,” on page 325. You can also create additional basic libraries as needed. 


This section provides the information you need in order to set up a new basic library. Section 22.7.1, 
“Basic Library Worksheet,” on page 355 lists all the information you need as you set up a basic 
library. You should print the worksheet and fill it out as you complete the tasks listed below: 


+ Section 22.1.1, “Selecting the Post Office That the Library Will Belong To,” on page 324 
+ Section 22.1.2, “Determining the Context for the Library Object,” on page 324 

+ Section 22.1.3, “Choosing the Library Name,” on page 324 

+ Section 22.1.4, “Deciding Where to Store Documents,” on page 325 


After you have completed the tasks and filled out the worksheet, you are ready to continue with 
Section 22.2, “Setting Up a Basic Library,” on page 326. 


Selecting the Post Office That the Library Will Belong To 


If you are creating a basic library for each post office in your GroupWise system, print a copy of 
Section 22.7.1, “Basic Library Worksheet,” on page 355 for each post office. 


If users in several post offices will store documents in the same basic library, you must decide which 
post office should own the library. A library can never be reassigned to a different post office, so you 
should choose the owning post office carefully. You should consider which users will use the library 
most frequently and where you might want to create additional libraries in the future. 


BASIC LIBRARY WORKSHEET 


Under Item 3: Post Office, specify the name of the post office that will own the new basic library. 


Determining the Context for the Library Object 


Generally, you should create the Library object in the same context as its post office. You cannot move 
a Library object after you have created it. 
BASIC LIBRARY WORKSHEET 


Under Item 1: eDirectory Container, specify the container for the Library object. 


Choosing the Library Name 


When you create the Library object, you must give the library a name. This is the name that is 
displayed in ConsoleOne. 


After you have specified the library’s name and created the Library object, the name cannot be 
changed. Therefore, if you have or will have other libraries, you should pick a name that uniquely 
identifies the library. For example, use the name to identify the post office it is assigned to. 
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Do not use any of the following invalid characters in the library’s name: 


ASCII characters 0-31 Comma , 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses ( ) 

Braces { } Period . 

Colon : Slash / 


By default, the library name that users see in the GroupWise client is the same as the Library object 
name. However, you can change the display name if you want it to be different from the Library 
object name. 


BASIC LIBRARY WORKSHEET 
Under Item 2: Library Name, specify the Library object name. 
Under Item 7: Library Description, provide a brief description of the planned use for the library. 


Under Item 8: Display Name, specify the library name you want users to see in the GroupWise client, if it is 
different from the Library object name. 


Deciding Where to Store Documents 


You can store documents at the post office in the post_office\gwdms\library\docs subdirectory 
of the post office. You can later add document storage areas outside the post office if DMS usage 
grows. However, the documents stored at the post office can never be moved. 


A document storage area has the same internal directory structure that is used to store documents at 
the post office, but it can be located anywhere in your system. Document storage areas can be moved 
easily, so it is easy to expand your document storage capacity when you store documents in 
document storage areas rather than at the post office. 


You might want to set up a document storage area on the same server where the POA runs so as not 
to increase network traffic. The POA can index and serve documents to users most efficiently if the 
document storage area is located locally. 


BASIC LIBRARY WORKSHEET 


Under Item 4: Store Documents at the Post Office?, mark Yes or No. (No is recommended for permanent 
document storage). 


To define a document storage area, you must know its direct access path. For example, a UNC path 
specifies the absolute location of the document storage directory. 


\\Windows_server\sharename\storage_directory 


For example: 


\\win7\c$\docs 
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NOTE: On Linux, ConsoleOne interprets a UNC path so that the first item in the UNC path is the 
Linux server hostname, followed by a Linux path to the document storage area. 


BASIC LIBRARY WORKSHEET 


If you entered No for Item 4, specify the direct access path under Item 6: Document Storage Area Path. 


Under Item 5: Document Storage Area Description, enter a useful description of the document storage area. 
(This description is displayed only in ConsoleOne.) 


If you need to add a document storage area to the initial library that was created with the first post 
office in your GroupWise system, use the Storage Areas properties page of the Library object in 


ConsoleOne to provide the direct access path, as described in “Adding a Document Storage Area” on 
page 345. 


Setting Up a Basic Library 


You should already have reviewed Section 22.1, “Planning a Basic Library,” on page 324 and filled 


out Section 22.7.1, “Basic Library Worksheet,” on page 355. Complete the following tasks to set up a 
new basic library: 


+ Section 22.2.1, “Creating the Basic Library,” on page 326 
+ Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 341 


Creating the Basic Library 


To create a new library: 


1 Make sure the POA is running for the post office that will own the new basic library. 


2 In ConsoleOne, browse to and right-click the Novell eDirectory container where you want to 
create the library (worksheet item 1), then click New > Object. 


New Object 


Create object in: 
By CORP_TREE/GroupWise 


Class: 


GroupWise Distribution List 


e GroupWise Domain 

lai GroupWWise External Entity 
i ” GroupWise Library 

CD GroupWise Post Office 
ia Groupise Resource 


3 Double-click GroupWise Library, then fill in the fields in the Create GroupWise Library dialog 
box (worksheet items 2 through 6). 
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KS Create GroupWise Library 


Library Name: 


GroupWise Post Office: 


Document Storage Area 


Documents may be stored atthe post office 
or in one or more storage areas. Storage 
areas can also be added once the library has 
been created. 


IV Store documents at post office 


T Define additional properties 
T Create another Library 


4. Click Define Additional Properties, then click OK to create the Library object and display the 
library Identification page. 


Properties of Marketing Library 
‘GroupWise "| General | NDS Rights + | Other | Rights to Files and Folders | 


Post Office: Provo3 Marketing 


Description: 


Start Version Number: 4 X 
Maximum Archive Size: 0 5 Bytes 


Display Name: [Marketing Library 


Distinguished Name: Marketing Library.GroupWise 


Page Options... 


5 Fillinthe Description field (worksheet item 7). 

6 If necessary, edit the Display Name field (worksheet item 8). 

7 Click OK to save the library information. 

8 Testthe new library. See Section 22.5, “Viewing a New Library in Your GroupWise System,” on 
page 341. 


Although there are many configuration options for libraries and documents, as described in 
Section 22.3, “Planning Full-Service Libraries,” on page 328, no additional setup is required for a 
basic library. GroupWise client users can begin to store documents in the new library at once. 
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Planning Full-Service Libraries 


If your document management reguirements go beyond basic libraries, you can create one or more 
full-service libraries. You might or might not need to make use of all document management features 
in order to meet your DMS users’ needs. 


This section covers everything you should consider when you set up full-service libraries. The “Full- 
Service Library Worksheet” on page 356 lists all the information you need as you set up a full-service 
library. You should print a copy of the worksheet for each library you plan to create. Fill out the 
worksheet for each library as you complete the tasks listed below. 

+ Section 22.3.1, “Deciding Which Libraries to Create,” on page 328 

+ Section 22.3.2, “Selecting the Post Offices To Own Libraries,” on page 332 

+ Section 22.3.3, “Determining the Contexts for Library Objects,” on page 332 

+ Section 22.3.4, “Choosing Library Names,” on page 332 

+ Section 22.3.5, “Deciding Where to Store Documents,” on page 333 

+ Section 22.3.6, “Setting Document Version Options,” on page 335 

+ Section 22.3.7, “Figuring Maximum Archive Directory Size,” on page 335 

+ Section 22.3.8, “Designating Initial Librarians,” on page 336 

+ Section 22.3.9, “Restricting Initial Public Library Rights,” on page 337 

+ Section 22.3.10, “Determining Your Indexing Needs,” on page 338 

+ Section 22.3.11, “Determining If You Need to Set Up Integrations for DMS Users,” on page 338 


After you have completed the above tasks and filled out the worksheets, you are ready to continue 
with Section 22.4, “Setting Up a Full-Service Library,” on page 338. 


Deciding Which Libraries to Create 


When designing a system of libraries for your GroupWise system, you should review the following 
considerations: 


+ “Library Access for DMS Users” on page 328 
+ “Centralized vs. Decentralized Library Configurations” on page 328 


+ “Library Specialization” on page 331 


Library Access for DMS Users 


Client/server access is the preferred access mode for GroupWise client users. It is the best access 
mode for DMS users because it enables them to access libraries outside their own post offices. 


For information about access modes, see Section 35.4, “Post Office Access Mode,” on page 476. 


Centralized vs. Decentralized Library Configurations 


Reorganizing existing libraries is not a simple process. Therefore, you should determine whether you 
want a centralized or decentralized library configuration before you start creating libraries. 

+ “Centralized Libraries” on page 329 

+ “Decentralized Libraries” on page 330 


+ “Comparative Scenarios” on page 331 


328 GroupWise 2012 Administration Guide 


Centralized Libraries 


Centralized libraries are located in a post office that is dedicated to libraries (no users). Centralized 
libraries are serviced by the POA in the dedicated DMS post office, as shown in the following 


illustration: 


Figure 22-1 Centralized Libraries 
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In the illustration, notice that all libraries belong to the DMS post office, which has no users. All 
GroupWise client users are using client/server access mode, which is required because there are no 
libraries in their local post offices. Each user has access to all four libraries through TCP/IP links to 
the DMS POA. 
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The following table lists some advantages and disadvantages of centralized libraries: 


Advantages Disadvantages 


* Administration can be consolidated, allowing one + You must create and maintain a post office that is 


administrator to specialize in document dedicated to libraries only (no users). 

management: + This configuration guarantees that all document 
+ Backup can be easier with hardware dedicated to searching and accessing is back and forth 

one DMS post office, such as optical drives, between users’ post offices and the libraries’ post 

RAID, fast backup units, and so on. office, possibly degrading network performance. 
+ Ifa post office server other than the one + Ifthe post office server dedicated to libraries 

dedicated to libraries goes down, DMS access is goes down, DMS is unusable for the whole 

unaffected for users in the remaining post offices. GroupWise system. 


Decentralized Libraries 


Decentralized libraries are located along with users in different post offices. Decentralized libraries 
are serviced by their own local POAs as shown in the following illustration: 


Figure 22-2 Decentralized Libraries 
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In the illustration, notice that each post office has its own library. Users can see each others’ libraries 
as well as their own because of client/server access mode. 


The following table lists some advantages and disadvantages of decentralized libraries 
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Advantages Disadvantages 


* Network traffic is minimized because most ¢ Libraries and their documents are scattered over 
document accessing are in users' local post different servers, adding to your administrative 
offices. workload (such as doing backups). 


+ You do not need to maintain an extra DMS post 
office dedicated to libraries only. 


+ Users in a post office where a library resides 
can use direct access mode if necessary. 


Comparative Scenarios 


The following scenarios further illustrate the differences between centralized and decentralized 
libraries: 


+ Assume that you assigned your first library to the same post office your users have membership 
in. By initially assigning a library to the same post office as your users, you establish a 
decentralized configuration for future libraries. You now want a centralized library 
configuration. However, because you cannot reassign the library to another post office, you 
must do one of the following: 


+ Create one or more new libraries under a DMS post office, export all of the documents from 
the first library and import them to the new libraries, delete the first library, and then 
ensure that users can locate their documents. 


+ Create one or more new libraries under a DMS post office and have your librarian use mass 
document operations to move the documents from the first library to the other libraries, 
delete the first library, and then ensure that users can locate their documents. 


+ Assume that you assigned your first library to a DMS post office that is used only for libraries. 
Now you can use either the centralized or decentralized library configuration for your 
additional libraries. The DMS post office can be used for all future libraries to create a 
centralized configuration, or you could assign future libraries to other post offices and leave that 
first one where it is, giving you a decentralized configuration. Setting up your first library on a 
post office server dedicated to only libraries allows you to use either configuration option. 
However, this method initially requires additional hardware and administration. 


Library Specialization 


You can create libraries for such user specialties as administration, accounting, development, human 
resources, legal, marketing, manufacturing, payroll, R&D, sales, shipping, and so on. You can also 
specialize libraries by such functions as general (for all users), administration (including legal and 
payroll), engineering and documentation development (R&D), marketing and sales, manufacturing 
and shipping, and so on. 


You can also use specialization to provide security for sensitive libraries. You do this by setting up 
access restrictions for the libraries. The default is for all DMS users to have access to all libraries in the 
GroupWise system. For more information about restricting library access, see Section 22.6.3, 
“Managing Library Access,” on page 348. 


Restricting library access can also improve users’ search time. When users install the GroupWise 
client on their workstations, they are either automatically assigned a default library (if there is one on 
their post office), or they are asked to select one from the libraries they have access to. By default, 
DMS searches are performed only on the user’s default library. To search other libraries (“global” 
search), users can select other libraries using the Look In list in the Find dialog box. If you limit users’ 
access to libraries (perhaps by department), their global searches would also be faster. 
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22.3.4 


Another reason for creating specialized libraries could be for different library configuration needs. 
For example, each library could have specialized document types and document properties that 
would not be needed in other libraries. For a review of document types and properties, see 
Section 21.3, “Documents,” on page 318. For more detailed information, see “Customizing the 
Default Document Type Property” on page 363 and Section 23.2.1, “Customizing Document 
Properties,” on page 362. 


Specialization can also facilitate library management activities, such as controlling library 
accessibility for individual users or groups of users, or managing different uses of document types, 
document properties, or field label naming schemes. 


Selecting the Post Offices To Own Libraries 


Asaresult of deciding whether you want to use a centralized or decentralized configuration for your 
libraries and whether or not you need specialized libraries, you should have a good idea of what post 
offices you want to create libraries in. 


If you are using a centralized configuration, create the DMS post office by following the instructions 
in Chapter 11, “Creating a New Post Office,” on page 173, then return to this point. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 3: Post Office, specify the name of the post office that will own the new library. 


Determining the Contexts for Library Objects 


You can create a Library object in any container in the eDirectory tree. For example, you could create 
the Library object in the same container as its Post Office object. Or you could create it in a special 
container just for Library objects: 


The containers in which you place the Library objects have no bearing on whether your libraries are 
centralized or decentralized. Library objects can be located anywhere in the tree, no matter which 
post offices the libraries belong to. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 1: eDirectory Container, specify the name of the eDirectory container where you want to create the 
new library. 


Choosing Library Names 


A library’s name must be unique within the post office; it also must be unique within its container. 
You should devise a naming scheme that helps to identify all libraries in the GroupWise system. It 
can be useful to include within the library name an indication of which post office it belongs to. 


After you have specified the library’s name and created the Library object, the name cannot be 
changed. 


Do not use any of the following invalid characters in the library’s name: 


ASCII characters 0-31 Comma , 


Asterisk * Double quote " 
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At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 


Backslash \ Parentheses () 
Braces { } Period . 
Colon : Slash / 


By default, the library name that users see in the GroupWise client is the same as the Library object 
name. However, you can change the display name if you want it to be different from the Library 
object name. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 2: Library Name, specify the Library object name. 
Under Item 7: Library Description, provide a brief description of the planned use for the library. 


Under Item 10: Display Name, specify the library name you want users to see in the GroupWise client, if it is 
different from the Library object name. 


Deciding Where to Store Documents 


When deciding where to store documents, you should review the following considerations: 


+ “Document Storage Location” on page 333 
+ “Disk Space Requirements” on page 333 


+ “Direct Access Paths to Document Storage Areas” on page 334 


Document Storage Location 


Documents belonging to full-service libraries should not be stored at the post office. Instead, they 
should be stored in document storage areas. For a review, see Section 21.2, “Document Storage 
Areas,” on page 317. 


A library can have more than one document storage area. The only requirement is that the POA that 
services the library must have direct network access (mapped drive or mounted file system) to each 
storage area. 


You can set up one document storage area for each library as you create the Library object. 
Additional document storage areas can be set up using the Storage Areas properties page of the 
Library object, as described in “Adding a Document Storage Area” on page 345. 


Disk Space Requirements 


You need to know the disk space requirements for your libraries in order to choose appropriate 
locations for document storage areas. 


If you have chosen a centralized library configuration, your document storage areas are all serviced 
by the POA of the DMS post office. Therefore, you can calculate the disk space requirements for your 
GroupWise system as a whole. If you have chosen a decentralized configuration, document storage 
areas are located throughout your GroupWise system. Therefore, disk space requirements must be 
calculated separately for each library. 
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If your current document storage statistics are an accurate indicator for a given library or for your 
system, use them for calculating your disk space reguirements. Otherwise, use the following formula 
for determining DMS storage needs: 


Formula: 


Number of Users 
x Average Number of Documents per User 
x Average Document Size 
x Average Number of Versions per Document 


Disk Space Reguired for Library 


Example: 


250 Users 
x 200 Documents per User 
x 50 KB per Document 
x 10 Versions per Document 


25 GB of Disk Space 


Users might create a new version of a document any time they revise it. Because all versions of a 
document are saved in BLOB storage with the original document, disk space can be used up quickly! 
If you know how many versions per document your users average, use that value in the formula; 
otherwise, allow for an average of at least ten versions per document. 


If your Average Document Size value for the formula is based on non-GroupWise documents, they 
will be compressed by about 50% after they have been imported into GroupWise and stored in 
BLOBs. 


You should research your current or expected document usage before deciding where to store 
documents. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 4: Document Usage Estimate, enter the requested values and calculate the resulting disk space 
requirements. 


If your values are calculated for the system (rather than per library), enter this information on only one of the 
worksheets. 


Direct Access Paths to Document Storage Areas 


To define a document storage area, you need to know its direct access path. For example, a UNC path 
specifies the absolute location of the document storage directory. 


\\Windows_server\sharename\storage_ directory 
For example: 


\\win2008\c$\docs 


NOTE: On Linux, ConsoleOne interprets a UNC path so that the first item in the UNC path is the 
Linux server hostname, followed by a Linux path to the document storage area. 


You might want to set up a document storage area on the same server where the POA runs so as not 
to increase network traffic. The POA can index and serve documents to users most efficiently if the 
document storage area is located locally. 
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FULL-SERVICE LIBRARY WORKSHEET 


Under Item 6: Document Storage Area Path, specify the direct access path. 


Under Item 5: Document Storage Area Description, provide a useful description of the document storage area. 
(This description is displayed only in ConsoleOne.) 


Setting Document Version Options 


When you create a new library, you can establish how document versions are handled. For an 
overview of document versioning, see “Maximum Versions” on page 320. 


+ “Official Version” on page 335 
+ “Start Version Number” on page 335 


Restricting the maximum number of versions should be done after the library has been created, as 
described in Section 22.6.1, “Editing Library Properties,” on page 343. 


Official Version 


By default, any user can establish the official version of a document. However, you can remove that 
right from one or more users if needed. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 11: Restrict Public Access Rights, cross out Designate Official Version if you want to eliminate that 
right for all users. 


You can later grant the Designate Official Version to specific users or distribution lists, as described in 
Section 22.6.3, “Managing Library Access,” on page 348. 


Start Version Number 


You must set the start number for each library to either 0 (zero) or 1. The default is 1. This number 
identifies the original document. 


Version numbers are automatically increased from the number you select. If you select 0, the first 
version of a document will be 000. If you select 1, the first version will be 001. 
FULL-SERVICE LIBRARY WORKSHEET 


Under Item 8: Start Version Number, select 0 or 1. 


Figuring Maximum Archive Directory Size 


Documents created with GroupWise DMS can be archived, depending on their Document Type 
properties. A document's type determines its disposition, such as archiving or deleting. For more 
information, see “Customizing the Default Document Type Property” on page 363. 


When you archive documents, their BLOB files are moved into archive directories. Each library in a 
document storage area has its own set of archive directories that are automatically created as needed. 
They are named arxxxxxx (where xxxxxx is an incremental integer with leading zeros). A document 
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storage area has the same archive directory structure as the gwdms subdirectory in the post office, as 
illustrated in “Post Office Directory” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory 
Structure. 


When a document is archived, GroupWise determines if the document's BLOB file can fitin the 
current archive directory. If it cannot fit, another archive directory is created and the BLOB is 
archived there. 


An archive set consists of all documents in one archive directory. The Maximum Archive Size 
property on the Library object establishes in bytes each archive directory's size limit. You should set 
this to mirror the capacity of your archival medium (such as a CD or DVD). It should not be more 
than your archival medium’s capacity. 


It is usually better to keep archive sets small in comparison to the size of the backup medium. This 
lets you back up archive directories often enough to keep your hard disk space from being used up 
too guickly between backups. For example, if your backup medium has 1 GB capacity, you could 
limit your archive sets to a maximum archive size of 200 MB. 


If your archival system only lets you back up in one pass (in other words, you cannot perform 
consecutive backups to the medium), the Maximum Archive Size should match the archival 
medium’s capacity. 


Some archival mediums reguire extra space for recording file storage data, such as an index of the 
files stored to tape. Ten percent is usually sufficient. For example, a tape system with 100 MB capacity 
means you should set your Maximum Archive Size to 90 MB. 


Consult your archival medium documentation for information on setting up an effective backup 
strategy. Include in your strategy such concepts as multiple archive sets per backup medium, or 
allowing extra space for the medium's file storage data. 
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Under Item 9: Maximum Archive Size, enter a number (in bytes, with no abbreviations or commas). 


Designating Initial Librarians 


A librarian has full rights to the properties of every document in the library, and can therefore 
perform management tasks on all library documents. You can assign yourself as a librarian. You can 
also delegate these tasks by assigning responsible users in each library as librarians. Any GroupWise 
user who normally has access to the library can be a librarian. You can also have multiple librarians 
for each library. 


When you first create a new library, you might want to simply designate yourself as the librarian and 
assign other users later. For more detailed information, see Section 22.6.4, “Adding and Training 
Librarians,” on page 350. 


ADDITIONAL LIBRARIES WORKSHEET 


Under Item 12: Librarians, list any users that you want to function as librarians for the new library. 
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Restricting Initial Public Library Rights 


The rights to documents in a library apply to the library as a whole; therefore, they are referred to as 
public rights. By default, all public rights are granted to all users in a new library. 


You can restrict which GroupWise library features individual users or distribution lists should have 
by removing the public rights and then restoring them for selected users or distribution lists. 


The following table summarizes the public library rights: 


Public Right Description 


Add Allows users to add new documents to the library. 
Change Allows users to make changes to existing documents in the library. 
Delete Allows users to delete documents, regardless of who else created them or has rights to the 


documents. However, to be able to delete a document, users must also have rights to locate 
and modify the document (View and Change rights), in addition to the Delete right. 


View By itself, this right allows searching, viewing, or copying documents, but does not permit 
editing them. Copies can be edited, because a copy is saved as a separate document. 
Therefore, editing a copy does not affect the original document or any of its versions. 


Designate Allows any version of a document to be designated as the official version. The official version, 
Official Version which is not necessarily the most recently-edited version, is the one located in searches. 


The official version is usually determined by the creator or author of the document. However, 
the official version can be designated by the last user to edit the document (if the user has this 
right). A user also needs the Change right to the document to be able to designate an official 
version. However, you might still want to deselect this as an initial public right. 


Reset In-Use The In-Use flag protects against data loss by preventing multiple users from concurrently 

Flag opening the same document. The purpose of the Reset In-Use Flag right is to allow a user or 
librarian to reset a document's status when the document is in use by someone else or when 
itis erroneously flagged as in use. 


Because you can manually reset the In-Use flag to change a document's status, even ifthe 
document is currently open, you should use prudence in allowing users the public right to 
change the In-Use flag. You might want to deselect this as a public right. 
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Under Item 11: Restrict Public Access Rights, cross out any public rights you want to eliminate for all users. 


You can later grant the rights to specified users or groups, as described in Section 22.6.3, “Managing Library 
Access,” on page 348. 


Rights to individual documents in a library can be modified at any time by the user listed as the 
creator or author of the document. Just because users might have public rights in a library does not 
mean that they have the eguivalent rights to every document in the library. For additional 
information on rights, see “Sharing Documents” in “Document Management” in the GroupWise 2012 
Windows Client User Guide. 
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22.3.10 


22.3.11 


22.4 


22.4.1 


Determining Your Indexing Needs 


The POA performs many tasks in the post offices, as described in Section 35.5, “Role of the Post 
Office Agent,” on page 477. Indexing documents is just one of its many functions. 


If necessary, you can configure an extra POA on another server to handle indexing. Separating POA 
functions can optimize the processing load for the respective POAs, particularly if your GroupWise 
system will regularly search and index a large number of documents. 


If you feel you might need dedicated indexing for DMS documents, see Section 23.3, “Indexing 
Documents in Libraries,” on page 374 for in-depth information on different configurations. Then 
determine whether you need dedicated indexing. 


FULL-SERVICE LIBRARY WORKSHEET 


Under Item 13: Dedicated POA for Indexing, mark whether or not you plan to setup a separate indexing POA. 


Determining If You Need to Set Up Integrations for DMS Users 


For an overview of integrations, see Section 21.4, “Integrations,” on page 321. To determine if you 
should set up integrations for a given application, see Chapter 24, “Integrations,” on page 387. 


ADDITIONAL LIBRARIES WORKSHEET 


Under Item 14: Set Up Integrations, mark whether or not you need to manually set up integrated applications 
for your DMS users. 


Setting Up a Full-Service Library 


You should have already reviewed Section 22.3, “Planning Full-Service Libraries,” on page 328 and 
filled out Section 22.7.2, “Full-Service Library Worksheet,” on page 356 for each new library. Before 
starting to create new libraries, be sure your system meets the following prerequisites: 

¢ Make sure the eDirectory contexts exist where you will create new Library objects. 


+ Make sure the post offices exist that will own the new libraries. If you are using a centralized 
configuration, make sure you have created the DMS post office that will own all the libraries by 
following the instructions in Chapter 11, “Creating a New Post Office,” on page 173. 


+ Make sure the POA is running for each post office that will own a new library. 


+ Make sure you have access to the physical locations where you will set up document storage 
areas. 


After the prerequisites are met, you are ready set up one or more full-service libraries. 


+ Section 22.4.1, “Creating the Full-Service Library,” on page 338 
+ Section 22.5, “Viewing a New Library in Your GroupWise System,” on page 341 
+ Section 22.4.2, “What's Next,” on page 340 


Creating the Full-Service Library 


1 Make sure you are logged in to the eDirectory tree where you want to create the library. 


This must be the same tree as the post office the library will belong to (worksheet item 3). 
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2 In ConsoleOne, browse to and right-click the eDirectory container where you want to create the 
library (worksheet item 1), then click New > Object. 


New Object 


Create object in: 
4 CORP. TREE/GroupWise 


Class: 


ISB GroupWise Distribution List 
© GroupWise Domain 

[ai GroupWise External Entity 
äi 7 GroupWise Library 

Cla GroupWise Post Office 

@ GroupWise Resource 


3 Double-click GroupWise Library, then fill in the fields in the New Library dialog box (worksheet 
items 2 through 6). 


KS Create GroupWise Library 


Library Name: 


GroupWise Post Office: 


; Document Storage Area 
Documents may be stored atthe post office 
orin one or more storage areas. Storage 
areas can also be added once the library has 
been created. 


IV Store documents at post office 


T Define additional properties 
T Create another Library 


4 Click Define Additional Properties, then click OK to create the new Library object and display the 
library Identification page. 


Properties of Marketing Library 


‘oupWise + | General | NDS Rights + | Other | Rights to Files and Folders | 
identification 


Post Office: Provo3.Marketing 


Description: 


Start Version Number: 4 X 
Maximum Archive Size: 0 el Bytes 


Display Name: [Marketing Library 


Distinguished Name: Marketing Library GroupWise 


Page Options... 


5 Fillinthe fields (worksheet items 7 through 10). 
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6 Click GroupWise > Rights to display the Rights page. 


10 


Properties of Development Library 


GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders 
Rights 


Public Rights 


IV Add V View 


[V Change IV Set official version 


Delete Reset in-use flag 


Individual or Distribution List Rights 


OK Cancel Apply Help 


In the Public Rights box, deselect any rights you want to remove from all library users 
(worksheet item 11). 


If you want to set up one or more librarians, click Add, browse to and select one or more users or 
distribution lists (worksheet item 12), then click OK. Select the users and distribution lists, then 
select Manage (Librarian) to give them rights to the properties of all documents in the library. 


Click OK to save the library information. 


Test the library. See Section 22.5, “Viewing a New Library in Your GroupWise System,” on 
page 341. 


22.4.2 What's Next 


After you have created the new library, you can expand its capabilities as needed: 


+ 


Import and manage documents. 


See Chapter 23, “Creating and Managing Documents,” on page 359. 
Set up integrated applications for DMS users (worksheet item 14). 
See Chapter 24, “Integrations,” on page 387. 

Grant library rights to specific users or distribution lists. 

See Section 22.6.3, “Managing Library Access,” on page 348. 

Assign librarians. 

See Section 22.6.4, “Adding and Training Librarians,” on page 350. 
Set up multiple document storage areas. 

See “Adding a Document Storage Area” on page 345. 

Set up a dedicated indexing POA (worksheet item 13). 


See Section 23.3, “Indexing Documents in Libraries,” on page 374. 
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22.5 


22.5.1 


Viewing a New Library in Your GroupWise System 


After you create a new library, you can see it in ConsoleOne and GroupWise client users can see it in 


the GroupWise client. 


+ Section 22.5.1, “Seeing the New Library in ConsoleOne,” on page 341 


+ Section 22.5.2, “Seeing the New Library in the GroupWise Windows Client,” on page 342 


Seeing the New Library in ConsoleOne 


In the Console View in ConsoleOne, you can see the new Library object in the context of its 


eDirectory container object. 


Figure 22-3 Console View Showing the New Library Object 
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In the GroupWise View, you can see the relationship between the new library and the post office it 
belongs to. 

To locate the library in the GroupWise view: 


1 Expand the GroupWise System object. 
2 Expand the Domain object where the owning post office resides. 


3 Select the owning post office. 


Creating and Managing Libraries 341 


4 Inthe drop-down list of objects, select Libraries. 


Novell ConsoleOne 
File Edit View Tools Help 


+ Q Ey D © Q KS @ Libraries bi 
| H-A Sales 
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22.5.2 Seeing the New Library in the GroupWise Windows Client 


GroupWise Windows client users can see that a new library has been created. They can set it as their 
default library if desired. 


In the GroupWise client: 


1 Click Tools > Options > Documents. 


Documents Setup 


Library names: Properties... 


Accounting Library 


Development Library (Default Set Default 


Research Library 


Library Configuration | Integrations | General! 


The Library Configuration tab should include the new library. 


2 Selectthe new library, click Set as Defnult, then click OK to use the new library as the default 
location for storing documents and searching for documents. 


22.6 Managing Libraries 


As your GroupWise DMS system grows and evolves, you might need to perform the following 
activities: 


+ Section 22.6.1, “Editing Library Properties,” on page 343 
+ Section 22.6.2, “Managing Document Storage Areas,” on page 345 
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+ Section 22.6.3, “Managing Library Access,” on page 348 

+ Section 22.6.4, “Adding and Training Librarians,” on page 350 
+ Section 22.6.5, “Maintaining Library Databases,” on page 354 
+ Section 22.6.6, “Moving a Library,” on page 354 

+ Section 22.6.7, “Deleting a Library,” on page 354 


22.6.1 Editing Library Properties 


After creating a library, you can change some library properties. Other library properties cannot be 
changed. 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties to display the 
library Identification page. 


Properties of Marketing Library 
|| General | NDS Rights + | Other | Rights to Files and Folders | 


Post Office: Provo3 Marketing 


Description: 


Start Version Number: (1 X 
Maximum Archive Size: 0 = Bytes 


Display Name: [Marketing Library 


Distinguished Name: Marketing Library.GroupWise 


Page Options... 


2 Change editable fields as needed. For information about individual fields, click Help. 


3 Click GroupWise > Storage Areas to display the Storage Areas page. 
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Properties of Development Library 


GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders 
Storage Areas 


Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 


IV Development Doc Storage Area 


T Store documents at post office 


Page Options... 


All document storage areas associated with the library are listed, no matter where they are 


located. On this page, you can add, move, and delete document storage areas. See Section 22.6.2, 
“Managing Document Storage Areas,” on page 345. 


4 Click GroupWise > Rights to display the library Rights page. 
Properties of Development Library 
GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders 


Rights 


p Public Rights - 


F Add M View 
IV Change IV Set official version 
IV Delete D Reset in-use flag 


Individual or Distribution List Rights 
adharmapalan Marketing Provo3 


stevens Sales Provo2 
mbarnard Development Provot 


T Manage (Librarian) 

M Ada F 

F Ms 

W IV Reset in-use flag 


Page Options... OK Cancel Apply Help 


Public library rights granted to all users are selected in the Public Rights box. The Individual and 
Distribution List Rights box shows any additional rights that have been granted to specific users. 


See Section 22.6.3, “Managing Library Access,” on page 348 and Section 22.6.4, “Adding and 
Training Librarians,” on page 350. 


5 Click OK to save changes to the library properties. 


GroupWise 2012 Administration Guide 


22.6.2 


Managing Document Storage Areas 


For a review, see Section 21.2, “Document Storage Areas,” on page 317 and Section 22.1.4, “Deciding 
Where to Store Documents,” on page 325. 


Typically, the initial document storage area for a library is set up when the library is created. 
Thereafter, you can create additional document storage areas as the library grows. You can move a 
document storage area to a location where more storage is available. You can delete a document 
storage area if itis no longer used. 

+ “Adding a Document Storage Area” on page 345 

+ “Moving a Document Storage Area” on page 346 


+ “Deleting a Document Storage Area” on page 347 


Adding a Document Storage Area 


To help you plan where to create the new document storage area, see Section 22.1.4, “Deciding Where 
to Store Documents,” on page 325. 


To create a new document storage area for a library: 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties. 
2 Click GroupWise > Storage Areas to display the Storage Areas page. 


Properties of Development Library 
GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 


IV Development Doc Storage Area 


T Store documents at post office 


Page Options... 


Existing document storage areas are listed. 


3 Click Add to create a new document storage area. 
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Create Document Storage Area 


A storage area's path must be used by only one library and should never be modified unless the 
storage area is empty. 


Description: 


UNC Path: 


Apple Talk Zone: 


Linux Path: 


4 Provide a description for the document storage area. 


5 Specify the UNC path to the directory where you want to create the document storage area. 


If the directory does not exist, it will be created as the document storage area is set up. 


As analternative, you can specify an AppleTalk zone to store documents on an Apple computer, 
or you can specify a Linux path to store documents on a Linux server. The POA that will service 
the library must have direct access to the location you specify. 


Click OK to create the new document storage area and add it to the list of storage areas for the 
library. 


If you have multiple document storage areas selected in the Storage Areas list, new and modified 
documents could be added to any one of them. 


If you want to stop storing documents in the previous document storage area, deselect it in the 
Storage Areas list. 


Click OK to save the document storage area information. 


Moving a Document Storage Area 


You might choose to move a document storage area if it is close to exceeding the available disk space 
at its current location and you do not want to create an additional document storage area. 


1 Stop the POA that services the library. 
2 Copy the document storage area directory and all of its contents to the desired location. 


3 Make sure that the POA has access to the new location so that it can read and write documents 


in the document storage area. 


4 In ConsoleOne, browse to and right-click the Library object, then click Properties. 


Click GroupWise > Storage Areas to display the Storage Areas page. 
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Properties of Development Library 
GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 


IV Development Doc Storage Area 


T Store documents at post office 


Page Options... 


Existing document storage areas are listed. 
6 Select a document storage area, then click Edit. 


7 Provide the new location for the document storage area, then click OK twice to save the new 
document storage information. 


8 Restart the POA. 


Deleting a Document Storage Area 


When you delete a document storage area, any documents in the document storage area are moved 
to other valid document storage areas for the library. If you want to move documents to a specific 
location before deleting the document storage area, see Section 23.1.3, “Managing Groups of 
Documents,” on page 361. 


To delete a document storage area: 


1 In ConsoleOne, browse to and right-click the Library object that owns the document storage 
area, then click Properties. 


2 Click GroupWise > Storage Areas to display the Storage Areas page. 
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Properties of Development Library 
GroupWise + | General | NDS Rights v | Other | Rights to Files and Folders 
Storage Areas 
Click a check box to use a storage area. To prevent data loss, a storage area record should never be deleted if data is stored at 
its path location. 


Storage Areas: 


IV Development Doc Storage Area 


T Store documents at post office 


Page Options... | 


22.6.3 


3 Selecta document storage area, then click Delete. 


4 Click OK to close the Storage Areas page 


If the above steps are not successful in deleting a document storage area, perhaps because one or 
more documents were in use during the deletion process, you can use the Analyze/Fix Library action 
of Mailbox/Library Maintenance, with the Remove Deleted Storage Areas and Move Documents First 
options selected, to finish cleaning up the deleted document storage area. For more information, see 
Chapter 28, “Maintaining Library Databases and Documents,” on page 415. 


Managing Library Access 


Access to libraries is controlled by the rights users have to the Library object. By default, when a new 
library is created, all of the following rights are granted: 


Public Right 


Add 
Change 


Delete 


View 


Designate Official 
Version 


Description 


Allows users to add new documents to the library. 
Allows users to make changes to existing documents in the library. 


Allows users to delete documents, regardless of who created them or has rights to the 
documents. However, to be able to delete a document, users must also have rights to 
locate and modify the document (View and Change rights), in addition to the Delete right. 


By itself, this right allows searching, viewing, or copying documents, but does not permit 
editing them. Copies can be edited, because a copy is saved as a Separate document. 
Therefore, editing a copy does not affect the original document or any of its versions. 


Allows any version of a document to be designated as the official version. The official 
version, which is not necessarily the most recently edited version, is the one located in 
searches. 


The official version is usually determined by the creator or author of the document. 
However, the official version can be designated by the last user to edit the document (if 
the user has this right). A user also needs the Change right to the document to be able to 
designate an official version. 
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Public Right Description 


Reset In-Use Flag The In-Use flag protects against data loss by preventing multiple users from concurrently 
opening the same document. The purpose of the Reset In-Use Flag right is to allow a 
user or librarian to reset a document's status when the document is in use by someone 
else or when itis erroneously flagged as in use. 


In the GroupWise client the document properties Status field displays the current In-Use 
flag setting for a document. The Status field is automatically set to In Use when a 
document is opened and reset to Available when a document is closed. There can also 
be other values, such as Checked Out. A document cannot be checked out when its 
status is In Use. 


There are a variety of reasons for which you might want to restrict certain library rights, including: 
+ Your libraries are specialized by department and you want to restrict access to sensitive libraries, 
such as a payroll library. 


+ Your libraries are distributed across multiple post offices and you want to restrict the scope of 
user searches to only the libraries they should use, thereby speeding up searches. 


¢ Your libraries are distributed across multiple servers and you want to minimize network traffic. 


+ You have some users who should have more rights than other users to certain libraries. 
To restrict public rights while granting individual rights: 


In ConsoleOne, browse to and right-click the Library object, then click Properties. 
Click GroupWise > Rights to display the Rights page. 


In the Public Rights box, deselect the rights that you want to remove from all users. 


R WN RF 


Click Add, then browse to and select the users who need to have rights to the library. 


If the number is large, you might find it easier to create a distribution list for users who need 
rights. Then you can select one distribution list rather than multiple users. See Chapter 18, 
“Creating and Managing Distribution Lists,” on page 285 


5 In the Individual or Distribution List Rights box, select the users or distribution lists to grant rights 
to. 


6 Below the list, select the rights that you want to grant. 


Properties of Development Library 
GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders 
Rights 
Public Rights 


[V Add NV View 


[V Change [V Set official version 


[V Delete [ Reset in-use flag 


Individual or Distribution List Rights 


adharmapalan Marketing Provo3 
stevens Sales Provo2 
mbarnard Development Provo1 


[ Manage (Librarian) 


F 
F 
[V Reset in-use flag 


Page Options... Cancel Apply 
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In the first example, only one user is granted the Reset In-Use Flag right. 


Properties of Development Library 
GroupWise + | General | NDS Rights + | Other | Rights to Files and Folders 
Rights 


Public Rights 


Add T View 


[ Change I Set official version 
I Delete T Reset in-use flag 


Individual or Distribution List Rights 


Engineers Development Provo 


[ Manage (Librarian) 


MV Add Vv View 


[V Change IV Set official version 


[V Delete [V Reset in-use flag 


Page Options... Cancel | Apply | Help | 


In the second example, only members of the Engineers group are granted any rights to the 
Development Library. 


7 Click OK to save the updated library rights information. 


22.6.4 Adding and Training Librarians 


When you first create a library, you might for convenience assign yourself as the initial librarian. As 
library activity increases you can add librarians, and if desired, remove yourself as a librarian. 


+ “Understanding the Role of the Librarian” on page 350 
+ “Setting Up a Librarian GroupWise Account (Optional)” on page 353 
+ “Assigning Librarians” on page 353 


Understanding the Role of the Librarian 


Keep in mind the following when assigning librarians: 


¢ “Librarian Identity” on page 350 
¢ “Librarian Functions” on page 351 


¢ “Librarian Rights” on page 351 


Librarian Identity 


Any GroupWise user with access to a library can be a librarian for the library. You can have multiple 
librarians for a single library. You can also assign a single user as a librarian for multiple libraries. 
Because being a librarian entails additional functions and rights in the library, you should choose 
responsible users as librarians. 


350 GroupWise 2012 Administration Guide 


Librarian Functions 
A librarian can perform the following actions: 


+ Check out a document without a copy. 

* Modify the properties of any document in the library. 

+ Copy documents to another library. 

+ Delete both documents and properties. 

+ Reassign document creators and authors to handle orphaned documents 

+ Reset a document's status (change the In-Use flag). 

+ View all activity log records of any document in the library. 

+ Restore document BLOBs from backup. 

+ Perform mass operations, such as moving, deleting, archiving, and changing properties. 


+ Perform searches (but not full-text searches) on documents that are not available for searching 
by regular users. 


+ Use GroupWise third-party APIs to generate reports on all library documents. 
All operations available to a normal user are also available to a librarian, as long as the security 


requirement discussed under “Librarian Rights” on page 351 is not compromised. The intention is 
that librarians can modify their own documents and document properties. 


All actions taken by a librarian are written to a document's activity log. 


Unless the librarian’s own GroupWise user ID is in the Author or Security fields, a librarian cannot 
perform the following functions: 

* Open a document 

+ View a document 

+ Save a document 

+ Check out a document with a copy 


To help new librarians get started, you should explain these librarian functions to them. You can also 
refer new librarians to the “librarian users” topic in the GroupWise client help. 


Librarian Rights 


In addition to the six public rights, libraries also have a Manage right. When you grant the Manage 
right to a GroupWise user, you designate that user as a librarian. The Manage right gives the librarian 
full access to the properties of every document in the library. However, the Manage right does not 
grant the librarian direct access to the content of any document. 


Because a librarian has full access to document properties, the librarian could add his or her own 
personal GroupWise user ID to the Author or Security field of a document, thus gaining access to the 
document's content. However, a high-priority email notification would automatically be sent to the 
original person listed in the Author field informing him or her of the action by the librarian. 
Therefore, document privacy is maintained. 


The following table lists the various librarian functions, and whether an email notification is sent if 
the function is performed. 
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Librarian Function 

Modify the Author or Security fields 

Copy a document 

Delete a document 

Replace a document with a copy from backup 


Perform a mass document operation (copy, 
move, delete, or archive documents; modify 
document properties) 


Reset a document's status (In-Use flag) 
Check out a document without a copy 
View the activity log of any document 


Generate reports on any documents (using 
GroupWise third-party APIS) 


Mass operation notifications do not specify what action was taken by the librarian; they only specify 


that an action was taken. 


The following table lists the document property fields that the librarian has rights to modify, and 


Notification? 

High-priority email to the author 
High-priority email to the author 
High-priority email to the author 
High-priority email to the author 


Mass operation emails 


None 
None 
None 


None 


whether an email notification is sent if the field is modified. 


Property Field Notification? 
Subject No 
Author Yes 
Security (sharing list) Yes 
Document Type No 
Version Description No 
Custom Fields No 
File Extension No 
Official Version No 
Current Version No 


If you remove the Manage right from a user, you must manually deselect any rights that the user 


gained from being made a librarian that the user did not previously have. 
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Setting Up a Librarian GroupWise Account (Optional) 


The Manage right is always in effect for those users who have been assigned as librarians. However, 
there might be times librarians want to act on their own accord without the possibility of seeing or 
modifying documents that belong to other users. 


To allow users assigned as librarians to act as normal GroupWise users, you could create a single 
librarian account for a library and have users who need to perform librarian tasks log in using the 
librarian GroupWise account and password instead of their own. 


If users assigned as librarians log in under a librarian GroupWise account, they do not have access to 
any documents they would normally have access to under their own accounts, except by altering the 
Author or Security fields. 


Assigning Librarians 
To add librarians to a library: 


1 In ConsoleOne, browse to and right-click the Library object, then click Properties. 
2 Click GroupWise > Rights to display the Rights page. 


3 Click Add, browse to and select the users that you want to assign as librarians, then click OK to 
return to the Rights page. 


Properties of Development Library 


GroupWise + | General | NDS Rights ~ | Other | Rights to Files and Folders 
Rights 


Public Rights 


Vv Add M View 


VW Change [V Set official version 


IV Delete [V Reset in-use flag 


Individual or Distribution List Rights 


aramirez Sales Provo2 
fthompson Marketing. Provo3 
ipangilinan Development Provo1 


[V Manage (Librarian) 


Page Options... OK | Cancel | Apply | Help 


4 Inthe Individual or Distribution List Rights box, select the librarian users, select Manage (Librarian), 
then click OK to save the library rights changes. 
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22.6.5 


22.6.6 


22.6.7 


Maintaining Library Databases 


The Mailbox/Library Maintenance feature of ConsoleOne offers database maintenance features to 
keep your library and document databases in good condition. See Chapter 28, “Maintaining Library 
Databases and Documents,” on page 415. It also helps you manage the disk space occupied by library 
and document databases and document storage areas. See Section 30.4, “Reducing the Size of 
Libraries and Document Storage Areas,” on page 428. 


When document creators or authors are removed from your GroupWise system, orphaned 
documents might be left behind. See Section 23.4.3, “Handling Orphaned Documents,” on page 385. 


To supplement your library maintenance procedures, you should back up your libraries and 
documents regularly. See Section 31.3, “Backing Up a Library and Its Documents,” on page 432. 


Moving a Library 


You cannot move a Library object from one location to another in the eDirectory tree. To accomplish 
the eguivalent, you can create a new library in the desired location, make yourself a librarian in both 
libraries, use a mass move operation in the Group Wise client to move the library’s documents from 
the old library into the new library, and then delete the old library. For instructions for these tasks, 
see: 

+ Section 22.2, “Setting Up a Basic Library,” on page 326 

+ Section 22.6, “Managing Libraries,” on page 342 

+ “Managing Groups of Documents” in “Document Management” in the GroupWise 2012 Windows 

Client User Guide 


As an alternative to moving the library, you can move just its document storage areas. See “Moving a 
Document Storage Area” on page 346. 


Deleting a Library 


You should not delete a library until you make sure that all documents still in the library are no 
longer needed. 


1 In ConsoleOne, browse to and right-click the Post Office object that owns the library to delete, 
then click Properties. 


2 Click GroupWise > Libraries to display the Libraries page. 
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22.7 


22.7.1 


Properties of Development 


‘GroupWise + | NDS Rights v | Other | Rights to Files and Folders 


i Libraries i 


Libraries: 


Development Library .GroupWise 


Page Options... 


| Cancel 


3 Selectthe library to delete, then click Delete. 


All document storages areas and documents are deleted along with the library. 


4 Click OK to close the Libraries page and complete the deletion of the library. 


Library Worksheets 


+ Section 22.7.1, “Basic Library Worksheet,” on page 355 


+ Section 22.7.2, “Full-Service Library Worksheet,” on page 356 


Basic Library Worksheet 


For instructions on how to use this worksheet, see Section 22.1, “Planning a Basic Library,” on 


page 324. 


Item 


1) eDirectory Container: 


2) Library Name: 


3) Post Office: 


Explanation 


Specify the eDirectory container where you will create the Library object. This 
could be the same container as the post office that the library is assigned to. The 
Library object cannot later be moved to a different location. 


For more information, see Section 22.1.2, “Determining the Context for the Library 
Object,” on page 324. 


Specify a name for the new library. Choose the name carefully. After the library is 
created, it cannot be renamed. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 324. 


Indicate which post office the library will belong to. A library cannot later be 
assigned to a different post office. 


For more information, see Section 22.1.1, “Selecting the Post Office That the 
Library Will Belong To,” on page 324. 
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356 


Item 


4) Store Documents at the 
Post Office? 


+ No 


+ Yes 


5) Document Storage Area 
Description: 


6) Document Storage Area 
Path: 


7) Library Description: 


8) Display Name: 


Explanation 


Mark No unless you are absolutely certain you will never need to move the 
documents stored at the post office 


For more information, see Section 22.1.4, “Deciding Where to Store Documents,” 


on page 325. 


Provide a brief description for the document storage area, including such 
information as to which post office it belongs, its current capacity in megabytes, 
and the types of documents that might be stored in it. 


For more information, see Section 22.1.4, “Deciding Where to Store Documents,” 
on page 325. 


If you are not storing documents at the post office, specify the document storage 
area for the library. 


For more information, see Section 22.1.4, “Deciding Where to Store Documents,” 
on page 325. 


Provide a description for the library to help you identify its function in the system. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 324. 


Specify the library name you want users to see in the GroupWise client, if it is 
different from the Library object name. 


For more information, see Section 22.1.3, “Choosing the Library Name,” on 
page 324. 


Full-Service Library Worksheet 


For instructions on how to use this worksheet, see Section 22.3, “Planning Full-Service Libraries,” on 


page 328. 


Item 


1) eDirectory Container: 


2) Library Name: 


Explanation 


Specify the name of the eDirectory container where you will create 
the Library object. This could be the same container as for the post 
office that owns the library. The Llbrary object cannot later be moved 
to a different context. 


For more information, see Section 22.3.3, “Determining the 
Contexts for Library Objects,” on page 332. 


Specify a name for the new library. Choose the name carefully. After 
the library is created, it cannot be renamed. 


For more information, see Section 22.3.4, “Choosing Library 
Names,” on page 332. 
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Item 


3) Post Office: 


4) Document Usage Estimate: 


a) Number of DMS users: 


b) Average number of documents per 
user: 


c) Average document size (bytes): 

d) Average number of versions per 
document: 

e) Total: (multiply a times b times c 
times d) 


5) Document Storage Area Description: 


6) Document Storage Area Path: 


7) Library Description: 


8) Start Version Number: 
+ 0 
+ 1 


9) Maximum Archive Size: 


10) Display Name: 


Explanation 


Specify the post office that the library will belong to. A library cannot 
later be assigned to a different library. 


If you will using a centralized library configuration and you have not 
yet created the DMS post office, follow the instructions in 

Chapter 11, “Creating a New Post Office,” on page 173 before you 
begin creating libraries. 


For more information, see Section 22.3.1, “Deciding Which Libraries 
to Create,” on page 328. 


Calculate how much disk space the new library will need in order to 
help you select a location where you will store documents. 


For more information, see Section 22.3.5, “Deciding Where to Store 
Documents,” on page 333. 


Provide a brief description for the document storage area, including 
such information as which library it belongs to, its current capacity in 
megabytes, and the types of documents stored in it. 


For more information, see Section 22.3.5, “Deciding Where to Store 
Documents,” on page 333. 


Specify the UNC path to the location where you want to create the 
initial document storage area for the post office. 


For more information, see Section 22.3.5, “Deciding Where to Store 
Documents,” on page 333. 


Provide a brief description for the new library, including what post 
office it belongs to, what types of documents will be stored in it, and 
so on. 


For more information, see Section 22.3.1, “Deciding Which Libraries 
to Create,” on page 328. 


Select 0 or 1. 
For more information, see Section 22.3.6, “Setting Document 


Version Options,” on page 335. 


Specify the maximum number of bytes to allow per archive directory. 
Use a size that conforms with your backup strategy and backup 
medium reguirements. 


For more information, see Section 22.3.7, “Figuring Maximum 
Archive Directory Size,” on page 335. 


Specify the library name you want users to see in the GroupWise 
client, if it is different from the Library object name. 


For more information, see Section 22.3.4, “Choosing Library 
Names,” on page 332. 
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Item 
11) Restrict Public Library Rights: 


+ Add 

* Change 

+ Delete 

+ View 

+ Designate Official Version 


+ Reset In-Use Flag 


12) Librarians: 


13) Dedicated POA for Indexing 
+ Yes 
+ No 

14) Set Up Integrations 


+ Yes 


+ No 
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Explanation 


Cross out any public library rights you do not want all users to have. 


For more information, see Section 22.3.1, “Deciding Which Libraries 
to Create,” on page 328 or Section 22.3.6, “Setting Document 
Version Options,” on page 335. 


List any users you want to have full rights to all documents in the 
library. 


For more information, see Section 22.3.8, “Designating Initial 
Librarians,” on page 336. 


Mark whether or not you want to configure and run a separate POA 
dedicated to indexing documents. 


For more information, see Section 22.3.10, “Determining Your 
Indexing Needs,” on page 338. 


Mark whether or not you need to manually set up integrations. 


For more information, see Chapter 24, “Integrations,” on page 387. 


23.1 


23.1.1 


Creating and Managing Documents 


GroupWise Document Management Services (DMS) lets Windows client users create documents 
with integrated applications, save them, then easily locate a specific document later without knowing 
the application, a specific document name, or the document's physical location. Windows client users 
can create, share, locate, edit, view, and check out documents that are created under the management 
of Group Wise DMS. 


+ Section 23.1, “Adding Documents to Libraries,” on page 359 
+ Section 23.2, “Organizing Documents in Libraries,” on page 362 
+ Section 23.3, “Indexing Documents in Libraries,” on page 374 


+ Section 23.4, “Managing Documents in Libraries,” on page 383 


Adding Documents to Libraries 


After you set up one or more libraries, users can add new documents to any library to which they 
have rights. They can also import existing documents into the GroupWise DMS system. 


+ Section 23.1.1, “Creating New Documents in the GroupWise Windows Client,” on page 359 
+ Section 23.1.2, “Importing Existing Documents into the GroupWise DMS System,” on page 360 
+ Section 23.1.3, “Managing Groups of Documents,” on page 361 


Creating New Documents in the GroupWise Windows Client 
1 Click File > New > Document. 


New Document 


© Select an application 
O Select a Group Wise template 


O Select a file 


Applications: 


Bitmap Image 

Microsoft Access Application 
OpenDocument Drawing 
OpenDocument Presentation 
OpenDocument Spreadsheet 
OpenDocument Text 


Wave Sound 


Library where document will be stored: 


| Development Library (Default) 


2 Selectthe program you want to use to create the document, select the library where you want to 
store the document, then click OK. 


3 Inthe New Document dialog box, type a brief description of the document. 
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New Document 


Document subject: 


Open document now OK Cancel Properties... 


4 To set document properties, click Properties. 


New Document 


Document | Version | Sharing | Activity Log) 


Library: Development Library 
Document number: 


Subject: | 


Document type: | Document 


Author: [ provol “development mpalu 
Creator: 

Date created: 1419/2012 10:09 4M 
Official version: 0 


Current version: 


C Open document now 


5 Setthe document properties as needed, then click OK. 


The selected program starts so you can create a new document. 


For more detailed information about creating documents in the GroupWise client, see “Creating 
Documents” in “Document Management” in the GroupWise 2012 Windows Client User Guide. You can 
also look up “documents” in the GroupWise client help. 


23.12 Importing Existing Documents into the GroupWise DMS System 


Some users might have existing documents that they want to manage by adding them toa 
GroupWise library. 


To import documents using the GroupWise Windows client: 


1 Click File > Import/Export > Import Documents. 
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Select Files to Import 


Files to import: 


Novell, 


6 n [ Add Individual Files... | [ Add Entire Director... 


V] Quick import (Recommended) 
Copies documents to your default library and creates document 
references in the folder you specify. 


Cancel 


2 Click Add Individual Documents, browse to and select the documents to add, then click OK. 
or 


Click Add Entire Directory, browse to and select a directory containing documents to import, then 
click OK. 


For additional instructions about creating documents in the GroupWise client, see “Importing 
Documents into a GroupWise Library” in “Document Management” in the GroupWise 2012 Windows 
Client User Guide. You can also look up “import documents” in the GroupWise client help. 


23.13 Managing Groups of Documents 


As users add documents and your GroupWise DMS system grows, your librarians might need to 
assist users in managing large groups of documents. If you have not yet assigned librarians to your 
GroupWise libraries, see Section 22.6.4, “Adding and Training Librarians,” on page 350. 


To manage large groups of documents in the GroupWise Windows client: 


1 Click Tools > Mass Document Operations. 


Mass Document Operations 
Select the operation you want to perform. The operation will affect all versions of a 
document. 
Operation 
© Change properties O Change sharing 


O Move O Copy 
O Delete 


Selection method 


© Use Find/Advanced Find to select documents 
O Use Find by Example to select documents 


© Use documents listed in a file 


2 Select the operation to perform on the group of documents: 
+ Change properties 


+ Move 
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+ Delete 
+ Change sharing 
* Copy 
3 Select the method for identifying the group of documents to perform the operation on: 

+ Use Find/Advanced Find to select documents 
+ Use Find by Example to select documents 
+ Use currently selected documents 
+ Use documents listed in a file. 

For additional instructions about creating documents in the GroupWise client, see “Managing 


Groups of Documents” in “Document Management” in the GroupWise 2012 Windows Client User 
Guide. You can also look up “mass document operations” in the GroupWise client help. 


IMPORTANT: You must be in Online mode in the Group Wise Windows client in order to perform 
mass document operations. 


23.2 Organizing Documents in Libraries 


Because documents are stored in a database structure, information can be associated with each 
document that is not part of the document itself. This additional information is stored as document 
properties. 

¢ Section 23.2.1, “Customizing Document Properties,” on page 362 


+ Section 23.2.2, “Defining Related Document Properties,” on page 371 


NOTE: Document properties cannot be set in ConsoleOne on Linux. However, you can use 
ConsoleOne on Windows to set document properties for libraries that are located on Linux. 


23.2.1 Customizing Document Properties 


For a summary of document properties, see Section 21.3.1, “Document Properties,” on page 318. To 
review, the following document properties are provided by default: 


Author 

Creator 

Current Version Number 
Date Created 

Document Number 
Document Type 

Official Version Number 
Subject 


The default document property types cannot be deleted. Except for the Document Type property, 
they cannot be modified. However, you can add custom document types as needed. 


+ “Customizing the Default Document Type Property” on page 363 
+ “Planning Custom Document Properties” on page 364 


+ “Adding Custom Document Properties” on page 366 
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+ “Planning Custom Lookup Tables for Custom Document Properties” on page 368 


+ “Adding Custom Lookup Tables” on page 369 


Customizing the Default Document Type Property 


The Document Type property is the only default document property that you can modify. Fora 
review of document types, see Section 21.3.2, “Document Types,” on page 319. You must have at least 
one document type, because it is a reguired document property field. 


To modify the Document Type property for all libraries in a post office: 


1 In ConsoleOne on Windows, browse to and select the post office that has libraries where you 
want to modify the Document Type property. 


2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 


a Document Properties Maintenance 
File Edit Help 


H 2l21=] 
©? Provo2 Sales 
i 

G- -i Lookup Tables 


If you expand Libraries and select each library, you see that each library has the Document Type 
property. It is required. 


3 Expand Lookup Tables, then select Document Type. 


«a Document Properties Maintenance 
File Edit Help 


E +12|= 


SP Provo2. Sales | Maximum Versions | Expiration Action 
J- -p Libraries Archive 
' bee y Sales Library Archive 
- -§, Lookup Tables | Archive 
--- (i ed Archive 
Archive 
Archive 
Archive 
Archive 
Delete 
Archive 
Archive 
Archive 
Archive 
Archive 
Archive 


The lookup table defines the list of choices offered to users when they select a document type, no 
matter which library in the post office they are creating the document in. 
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4 To add a new document type, click Edit > Add. In the Value field, type the new document type, 
click Add, then click Close. 


Lookup Entry: Document Type 


Value: | 


Expiration Action 
Maximum Versions: 100 ( Archive 


Document Life (days): [365 © Retain 
C Delete 


Help | 


5 Toeditan existing document type, click Edit > Edit. Change the settings as needed, click Update, 
then click Close. 


Lookup Entry: Document Type 


Value: Agenda] Update | 


Expiration Action 
Maximum Versions: 100 Archive 


Document Life (days): {99 © Retain 
C Delete 


Cancel | Help | 


For more details about the fields associated with the Document Type property, see Section 21.3.2, 
“Document Types,” on page 319. 


6 To delete a document type, select the document type, click Edit, then click Delete. 


Planning Custom Document Properties 


When you need to add custom document properties, print the “Custom Document Properties 
Worksheet” on page 365. One copy of the worksheet accommodates three new document properties. 


The following table describes the fields and values associated with custom document properties: 


Document Property Field Values 


Field 
Property Field: The document property field is the label that GroupWise client users see in the 
document Properties dialog box. 
When you create a new document property, you can provide a description as well. 
However, the description displays only in ConsoleOne, not in the GroupWise client. 
Read-Only? Yes: The document property field displays information, but it is not accessible to 
users. 
No: Users can type in the document property field. 
Required? Yes: The user must supply a value for the document property. 
No: The user can leave the document property field blank. 
Hidden? Yes: The document property field is not displayed in the GroupWise client interface. 


No: The document property field is displayed in the GroupWise client interface. 
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Document Property Field Values 


Field 

Lookup Table: A lookup table is required for a custom document property only when you want to offer 
the user a list of choices, rather than having the user type in the setting. The lookup 
table guarantees that the user provides a valid setting. For more information, see 
“Planning Custom Lookup Tables for Custom Document Properties” on page 368. 

Related Property: A related property is required for a custom document property only when you create a 
lookup table that references a related lookup table. For more information, see 
Section 23.2.2, “Defining Related Document Properties,” on page 371. 

Data Type: Binary: An Object API reads and writes this information 
Date: Displayed in the Windows format selected by the user 
Number: Numerical only 
String: Alphanumeric 

Maximum Length: For the String data type, you can specify the maximum number of characters allowed 
in the string. The longest possible string is 65535 alphanumeric characters. 

Case: For the String data type, you can control how the user's input is handled: 
Upper: Forces entries to display in uppercase 
Lower: Forces entries to display in lowercase 
Mixed: Allows alphabetical characters to be displayed as typed 

Minimum Value: For the Number data type, you can specify a minimum acceptable value. 

Maximum Value: For the Number data type, you can specify a maximum acceptable value. 

Parent: If the new document property is related to an existing document property in a parent- 


child relationship, you must specify the parent document property. For more 
information, see Section 23.2.2, “Defining Related Document Properties,” on 
page 371. 


Use copies of the “Custom Document Properties Worksheet” on page 365 to plan the custom 
document properties you want to add to libraries. 


If you need to create one or more lookup tables for your custom document properties, follow the 
instructions in “Planning Custom Lookup Tables for Custom Document Properties” on page 368 and 
“Adding Custom Lookup Tables” on page 369. Lookup tables used by new document properties 
should exist before you create custom document properties. 


Then continue with “Adding Custom Document Properties” on page 366. 


Custom Document Properties Worksheet 
For instructions on how to use this worksheet, see “Planning Custom Document Properties” on 


page 364. 


Item Custom Document Custom Document Custom Document 
Property Property Property 


1) Post Office: 


2) Libraries: 
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Item Custom Document Custom Document Custom Document 
Property Property Property 


3) Property Label: 
4) Description: 
5) Read-Only? 
+ Yes 
+ No 
6) Reguired? 
+ Yes 
+ No 
7) Hidden? 
+ Yes 
+ No 
8) Lookup Table: 
9) Data Type: 
+ Binary 
+ Date 
+ Number 
+ String 
10) Maximum Length: 
11) Case: 
+ Mixed 
+ Upper 
+ Lower 
12) Minimum Value: 
13) Maximum Value: 


14) Parent: 


Adding Custom Document Properties 


After you have determined what new document properties will meet the needs of your DMS system, 
as described in “Planning Custom Document Properties” on page 364, and if necessary you have 
created lookup tables for your new document properties, as described in “Planning Custom Lookup 
Tables for Custom Document Properties” on page 368 and “Adding Custom Lookup Tables” on 
page 369, you are ready to add new custom document properties. 


To add new custom document properties: 


1 In ConsoleOne on Windows, browse to and select the Post Office object that owns the library for 
which you are creating custom document properties (worksheet item 1). 


2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 
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«« Document Properties Maintenance 
File Edit Help 


H +12|- 


©? Provo2 Sales 


G- -i Lookup Tables 


3 Expand Libraries, then select the library for which you are creating custom document properties 
(worksheet item 2). 


«« Document Properties Maintenance 
File Edit Help 


E +/4/=| 
z Provo2. Sales Data Type | Lookup Table Required Read-only Hidden | Max Lengl Text Case 
J. ff Libraries String 256 Mixed 
| SEI String 256 Mixed 
H- -§ Lookup Tables Number A š 
Date 
Document Number Number - - 
Document Type String Document Type 65535 Mixed 
Official Ver # Number - - 
Subject String 65535 Mixed 


s 


Property Label: 


Description: 


T Read-only 

T Required 

T Hidden 
Lookup Table: [ 


Related Property: {{none) 


Data Type: String Sud 


Maximum Length: [65535 
Case: [M ixed | 


Fields vary according to data type. 
5 Fill in the fields (worksheet items 3 through 14). 
6 Click OK to create the new custom document property. 


In the Document Properties Maintenance window, the new document property is listed in 
alphabetical order. In the GroupWise client, custom document properties are listed after default 
document properties, in the order in which they are added to the library. 


7 Repeat Step 4 through Step 6 for each new custom document property. 


When users next create documents in the library, the new custom document properties will be 
available to them. 
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Planning Custom Lookup Tables for Custom Document Properties 


A lookup table is required for a custom document property only when you want to offer the user a 
list of choices, rather than having the user type in the setting. The lookup table guarantees that the 
user provides a valid setting. 


Lookup tables are defined for the post office, so that multiple libraries in the post office can reference 
the same lookup tables. 


When you need to provide lookup tables for custom document properties, print the “Custom Lookup 
Tables Worksheet” on page 369. One copy of the worksheet accommodates three new lookup tables. 


The following table describes the fields and values associated with lookup tables: 


Lookup Table Field Field Values 


Lookup Table Name: The lookup table name identifies the lookup table when you are assigning it to a 
property field. 


If the lookup table pertains to only one document property, you can name the lookup 
table the same as the document property. For example, the default property Document 
Type uses a lookup table named Document Type. 


However, lookup tables can be used by multiple document properties. For example, 
you could have a lookup table named Project used by document properties named 
Primary Project and Secondary Project. 


When you create a new lookup table, you can provide a description as well. If the 
lookup table name does not match a document property, you could indicate what 
document properties use the lookup table. 


Related Table: A related table is required for a lookup table only when you want to define related 
properties. For more information, see Section 23.2.2, “Defining Related Document 
Properties,” on page 371. 


Data Type: Binary: An Object API reads and writes this information 
Date: Displayed in the Windows format selected by the user 
Number: Numerical only 
String: Alphanumeric 


Maximum Length: For the String data type, you can specify the maximum number of characters allowed 
in the string. The longest possible string is 65535 alphanumeric characters. 


Case: For the String data type, you can control how the user's input is handled: 

Upper: Forces entries to display in uppercase 

Lower: Forces entries to display in lowercase 

Mixed: Allows alphabetical characters to be displayed as typed 
Minimum Value: For the Number data type, you can specify a minimum acceptable value. 
Maximum Value: For the Number data type, you can specify a maximum acceptable value. 


Lookup Table Entries: The lookup table entries are the settings that users will choose from when they set the 
custom document property. 
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Use copies of the “Custom Lookup Tables Worksheet” on page 369 to plan the lookup tables you 
need in order to provide values for new custom document properties. If you need to use related 
properties, follow the instructions in Section 23.2.2, “Defining Related Document Properties,” on 
page 371. Then continue with “Adding Custom Lookup Tables” on page 369. 


Custom Lookup Tables Worksheet 


For instructions on how to use this worksheet, see “Planning Custom Lookup Tables for Custom 
Document Properties” on page 368. 


Item Custom Lookup Table Custom Lookup Custom Lookup Table 
Table 


1) Post Office: 
2) Property Label: 
3) Lookup Table Name: 
4) Description: 
5) Related Table: 
6) Data Type: 

+ Binary 

+ Date 

+ Number 

+ String 
7) Maximum Length: 
8) Case: 

+ Mixed 

+ Upper 

+ Lower 
9) Minimum Value: 
10) Maximum Value: 


11) Lookup Table Entries: 


Adding Custom Lookup Tables 


After you have determined what new lookup tables and lookup table entries you need to 
accommodate your new custom document properties, as described in “Planning Custom Lookup 
Tables for Custom Document Properties” on page 368, you are ready to add new lookup tables. 


1 In ConsoleOne on Windows, browse to and select the Post Office object that owns the libraries 
for which you are creating lookup tables (worksheet item 1). 


2 Click Tools > GroupWise Utilities > Document Properties Maintenance. 
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«« Document Properties Maintenance 
File Edit Help 


H +12|- 


tovo2. Sales 


G- -i Lookup Tables 


3 Select Lookup Tables, then click Edit > Add to display the Lookup Table Definition dialog box. 


Lookup Table Definition 


Table Name: | 
Description: CY Cancel 
Belated Tabe: fmn i = 

Data Type: [Sting z] 
Maximum Length: [s5 tt sts~—SS 


Fields vary depending on data type. 
4 Fill in the fields (worksheet items 3 through 10). 
5 Click OK to create the new lookup table. 
6 Select the new lookup table, then click Edit > Add to display the Lookup Entry dialog box. 


Lookup Entry 


7 Inthe Value field, type one of the document property settings you want to offer to users 
(worksheet item 11), then click Add. 


8 Repeat Step 7 for all the lookup table entries listed on your worksheet for this lookup table, then 
click Close. 


9 Click OK to create the custom lookup table. 
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23.2.2 


Defining Related Document Properties 


When document properties are related, your choice for the first property determines the settings you 
are offered for the second property. The user's selection in the first field determines what choices 
were offered in the second field. 


Related document properties are set up by creating related lookup tables. Complete the following 
tasks to set up related document properties: 


+ “Planning Related Document Properties” on page 371 
+ “Creating Related Lookup Tables” on page 373 
+ “Setting Up Related Document Properties” on page 373 


Planning Related Document Properties 


Related document properties use a parent-child relationship. A parent property can have multiple 
child properties, but a child property can belong to only one parent. The relationship can include 
only two levels. A parent property cannot function as a child and a child property cannot function as 
a parent. The default document properties cannot participate as related properties. 


In the Development Library example above, the Product document property would be the parent 
property and the Component document property would be the child property. If the Development 
Library belonged to Novell, products would include GroupWise, Open Enterprise Server, 
ZENworks, and so on. When users selected GroupWise as the product, listed components could 
include the GroupWise client, the agents, Group Wise system administration, and so on. Or you could 
let users type in whatever components they wanted. 


When you need to set up related document properties, print the “Related Document Properties 
Worksheet” on page 372. One copy of the worksheet accommodates one pair of related property 
fields, one parent lookup table, and one child lookup table (optional). 


The following table describes the document properties and lookup tables that are reguired in order to 
set up related document properties: 


Properties and Tables Description 


Parent Document Property The parent document property is the user's first selection. In the Development 
Library example above, the parent document property is Product. 


Child Document Property The child document property is the user's second selection, based on the first 
selection. In the Development Library example above, the child document 
property is Component. 


Parent Lookup Table The entries in the parent lookup table provide the choices offered to the user in 
the parent document property field. In the Development Library example above, 
the user could select from GroupWise, Open Enterprise Server, and ZENworks 
in the Product field. 


Child Lookup Table The entries in the child lookup table provide the choices offered to the user after 
a choice from the parent lookup table has been selected. In the Development 
Library example above, if the user selected GroupWise in the Product field, the 
child lookup table would provide choices such as Agents, Client, and Admin in 
the Component field. 


The child lookup table is not reguired if you want to allow the user to type in 
anything they want in the child document property field. 
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Use copies of the “Related Document Properties Worksheet” on page 372 to plan the related 
document properties you want to use. One copy of the worksheet accommodates one pair of related 
properties. Continuing with the Development Library example, a filled-in worksheet might look like 


this: 

Item Setting Item Setting 

1) Parent Document Property Name: 4) Child Document Property Property Name: 

Property Product Component 

2) Parent Lookup Table Table Name: Product 5) Child Lookup Table Table Name: 

Component 

3) Parent Lookup Entries (required) 6) Child Lookup Entries (optional) 
Parent Entry: Child Entries: Admin 
GroupWise Agents Client 
Parent Entry: Open Child Entries: 
Enterprise Server eDirectory Servers 
Parent Entry: ZENworks Child Entries: 


Desktops Servers 


When you have finished planning related properties and their associated lookup tables, you should 
print and fill in a worksheet for each for each new related property, as described in “Planning 
Custom Document Properties” on page 364, and for each new lookup table, as described in 
“Planning Custom Lookup Tables for Custom Document Properties” on page 368. 


Then you are ready to continue with “Creating Related Lookup Tables” on page 373. 


Related Document Properties Worksheet 


For instructions on how to use this worksheet, see “Planning Related Document Properties” on 


page 371. 

Item Setting Item Setting 

1) Parent Document Name: 4) Child Document Property Name: 

Property 

2) Parent Lookup Table Name: 5) Child Lookup Table Name: 

3) Parent Lookup Entries (reguired) 6) Child Lookup Entries (optional) 
Entry: Entries: 
Entry: Entries: 
Entry: Entries: 
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Creating Related Lookup Tables 


If you are supplying the choices for both related fields, you need both a parent lookup table and a 
child lookup table. If you are going to have users type information into the child property field, then 
you only need to create the parent lookup table. You should create lookup tables before creating the 
document properties that use them. 

+ “Creating the Parent Lookup Table” on page 373 


+ “Creating the Child Lookup Table (Optional)” on page 373 


Creating the Parent Lookup Table 


1 Create a new lookup table, as described in Step 1 through Step 5 in “Adding Custom Lookup 
Tables” on page 369. Use worksheet item 2 in the Table Name field. Leave the Related Table field 
set to (none). 


2 Add entries to the new lookup table, as described in Step 6 through Step 8 in “Adding Custom 
Lookup Tables” on page 369. Use the entries listed under worksheet item 3 in the Value field. 


3 Continue with “Creating the Child Lookup Table (Optional)” on page 373. 
or 


If you are going to have users type information into the child property field, rather than 
selecting from a predefined list, skip to “Setting Up Related Document Properties” on page 373 


Creating the Child Lookup Table (Optional) 


1 Create a new lookup table, as described in Step 1 through Step 5 in “Adding Custom Lookup 
Tables” on page 369. Use worksheet item 5 in the Table Name field. Use worksheet item 2 in the 
Related Table field to link the child table to the parent table. 


2 Select the new lookup table, click Edit, then click Add to display the Lookup Entry dialog box. 


Lookup Entry 


This table is a child in a relationship. Select a value from the parent 
table, then enter the child table's values. 


Parent Value: 


Value: 


3 Select a Parent value. 


4 Inthe Value field, type one of the child lookup table entries for the selected parent value 
(worksheet item 6), then click Add. 


5 Repeat Step 4 for each entry listed under worksheet item 6. 
6 Repeat Step 3 through Step 5 for each parent value listed under worksheet item 3. 
7 Continue with “Setting Up Related Document Properties” on page 373. 


Setting Up Related Document Properties 
After you have created related lookup tables, you are ready to set up the related document properties 


that use them. A few document property fields are required settings in the context of related 
properties: 


+ Read-Only must be set to No. 


Creating and Managing Documents 373 


23.3 


23.3.1 


+ Hidden must be set to No. 


+ Required must be set the same on the child property as it is on the parent property. 
To set up related document properties: 


1 Createthe parent document property as described in “Adding Custom Document Properties” on 
page 366. Use worksheet item 1 in the Property Label field. Use worksheet item 2 in the Lookup 
Table field. Leave the Related Property field set to (none). 


2 Createthe child document property using the same procedure. Use worksheet item 4 in the 
Property Label field. Use worksheet item 5 in the Lookup Table field. The Related Property field 
should automatically display as worksheet item 1, showing that the child property is related to 
the parent property. 


Indexing Documents in Libraries 


Documents stored in GroupWise libraries need to be indexed so users can locate documents using 
the Find feature in the GroupWise Windows client. Your organization might need dedicated 
indexing to minimize performance degradation and network congestion. You might also need 
dedicated indexing so users can have prompt access to newly created documents. 

+ Section 23.3.1, “Understanding DMS Indexing,” on page 374 

+ Section 23.3.2, “Determining Your Indexing Needs,” on page 381 


+ Section 23.3.3, “Implementing Indexing,” on page 383 


Understanding DMS Indexing 


Before determining if you will need dedicated indexing, you should have a basic understanding of 
how indexing works in Group Wise. 

+ “Index Storage” on page 374 

+ “Index Content” on page 375 

+ “Indexing Performed by the POA” on page 375 

+ “Indexing Cycle” on page 375 

+ “Bandwidth Considerations” on page 376 


+ “Indexer Configurations” on page 376 


Index Storage 


When documents are indexed, the information is stored in QuickFinder indexes, which are located in 
a library’s index subdirectory. A library’s QuickFinder index is partitioned into ten *.idx files. 
Additionally, temporary *.inc (incremental) files are created that contain each day’s new index 
information. The *.inc files are combined once per day into the *.idx files (usually at midnight). 


In a system with multiple libraries, each library has its own set of QuickFinder index files. Depending 
on how many libraries belong to a post office, and how many post offices with libraries are in your 
GroupWise system, there can be many sets of QuickFinder index files. 
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Index Content 


Indexing can include a documents full text (depending on its document type), and always includes 
the document's property sheet information (subject, author, version descriptions, and so on). Both 
newly edited and newly created documents are indexed, which means indexing volume is 
determined by how many existing documents are edited as well as how many new documents are 
created. 


Newly-created documents must be indexed before users can search for them. In setting up your 
indexing strategy, you must know how guickly users will need access to newly-created documents. 


The standard search is limited to the OuickFinder indexes in the user's default library. But users can 
choose to search for documents in other libraries to which they have access. 


Indexing Performed by the POA 


Indexing is among the many functions of the Post Office Agent (POA). To learn more about POA 
functions, see Section 35.5, “Role of the Post Office Agent,” on page 477. 


You can configure the POA for a post office to meet basic indexing needs. See Section 39.1, 
“Regulating Indexing,” on page 573. 


To support greater indexing needs, you can set up an additional POA that is dedicated to indexing. 
See Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


Not all libraries need dedicated POAs for indexing documents because indexing needs vary widely: 


* Inasmall GroupWise system that has only one post office and one library, indexing can easily be 
done by the one POA. 


¢ Ina post office with heavy DMS usage, one or more additional POAs can be dedicated to 
indexing the documents. 


+ Ina large system that has a DMS post office housing all libraries in the GroupWise system, 
indexing can be done by the DMS post office's POAs. 


A library can have more than one POA dedicated to indexing its documents. Because the library's 
OuickFinder index is partitioned into ten separate *.idx files, an organization that is extremely 
document-intensive can boost indexing performance by using up to ten POAs dedicated to indexing. 
These POAs do not conflict with each other in performing indexing because the *.idx and *.inc files 
are locked during the indexing process. 


You can temporarily use multiple indexing POAs for importing documents to speed up importing 
time. 


Indexing Cycle 


The freguency of indexing is determined by the POA OuickFinder Interval setting. The default is 
once every 24 hours at 8:00 p.m. This might be often enough in an organization where document 
usage is minimal, or where searching for newly-created documents is not mission-critical. 


You can specify the OuickFinder Interval setting in one-hour increments. For example, a setting of 1 
would allow users to find documents created as recently as an hour ago. Whether you should use a 
dedicated indexer at this freguency would depend on the volume (per hour) of documents that get 

gueued for indexing. 
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You can set the QuickFinder Interval to 0 (zero) for continuous indexing. This is recommended for 
organizations where document usage is intensive, or where users routinely need to find documents 
that have just been created. If document usage is intensive in your organization, you might need a 
separate indexer server dedicated to continuous indexing because the post office server’s 
performance could become unacceptably slow if continuous indexing is performed on it. 


Bandwidth Considerations 


A primary factor in network speed is bandwidth. This is the amount of data that can be passed 
through the network per second. If a network’s bandwidth is not sufficient for handling heavy traffic, 
intensive document indexing can degrade network performance. 


A number of elements affect network bandwidth, including cable types, transmission protocols, and 
hardware. Ethernet networks are susceptible to wide fluctuations in transmission speed during 
periods of heavy traffic. WANs can benefit from reduced network traffic. 


If you locate a post office in close proximity to its users, you have less traffic through routers, bridges, 
and other network hardware. Running GroupWise in client/server access mode also reduces network 
traffic. 


GroupWise users can add heavy messaging traffic to your existing network. DMS usage adds 
document indexing traffic as well. These factors can create much more network bandwidth usage 
than you have previously experienced. 


Indexer Configurations 


Following are five basic examples of how dedicated indexers can be configured. The examples do not 
cover all possibilities. You can combine elements from these configurations to customize indexing for 
your organization. 


In all configuration examples, the post office can contain multiple libraries, although the Single 
Server with One POA configuration is best suited to only one library. In the other configuration 
examples, one or more POAs can be set up for indexing documents for all libraries in the post office. 

+ “Single Server with One POA” on page 376 

+ “Single Server with Multiple POAs” on page 377 

+ “Dedicated Indexer Server” on page 378 

+ “Dedicated Indexer Server on an Isolated Network Segment” on page 379 

+ “Dedicated DMS Post Office” on page 380 


Single Server with One POA 


One POA runs on the post office server and performs all POA functions for the post office and its 
libraries. This basic configuration is best suited for a small system, or a decentralized library 
configuration with small post offices that each have a library. For more information, see “Centralized 
vs. Decentralized Library Configurations” on page 328. 
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Post Office 
My Library 
l N, 

a ar 


vv wv y 


Message User Library Document 
Database Database Database Database 


POA 


yy may ES ay 
GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
+ Default configuration; no additional setup + All operations are performed on one server, which can 
is required. cause performance degradation if your organization 


¢ Troubleshooting is limited to a single does enough DMS opérauons, 


server. + If you increase OuickFinder intervals to lessen the load 
on the POA, you lengthen the time users must wait to 
search for new files, or find modified information through 
new searching keywords. 


Single Server with Multiple POAs 


It is possible to run more than one POA for the same post office on the same server. 
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Post Office 


vs v v y 


Message User Library Document 
Database Database Database Database 


POA POA 


I I Production 


| | Network Segment 


Q Q Q Q 


ES ES ES ES 
GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
None. + Many processes running on one server can slow it down. 


+ A single point of failure can cause the server to shut down 
when a problem is encountered. 


There are no advantages to running multiple POAs on the same server. If you need more than one 
POA, run it on a separate server, as described in “Dedicated Indexer Server” on page 378 


Dedicated Indexer Server 


You can have the post office on one server and a POA dedicated to indexing DMS documents on 
another server. This configuration is useful for systems of any size with heavy DMS usage. 
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Post Office 


U y 


Message User Library Document 
Database Database Database Database 


POA 1 


I Production 


Network Segment 


Q Q Q Q 


ay ay my ay 
GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
+ A dedicated server for quicker DMS indexing. This + Network traffic can increase significantly during 
is useful for organizations that are document- periods of intense indexing. 
intensive. 


+ Multiple server hardware is required. 
* The messaging post office is not hampered by DMS 
indexing. 


Dedicated Indexer Server on an Isolated Network Segment 


You can have the post office on one server and a POA dedicated to indexing documents on another 
server that is on an isolated network segment. This configuration minimizes bandwidth congestion 
for the production network segment. 
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Post Office 


Isolated 4 
wW u W W | soen Poe 
I 


Message User Library Document 
Database Database Database Database 


POA 1 


I Production 


| Network Segment 


Q Q Q Q 


= = = = 
GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 
Advantages Disadvantages 
+ Dedicated server for quicker DMS indexing. + Multiple server hardware is required. 


This is useful for organizations that are 


E ; + Adedicated network segment is required (including 
document-intensive. 


second network interface card that is directly linked 
+ The messaging post office is not hampered by to the indexer Server). 

PMS Teenie: + For multiple indexing servers, a dedicated hub 
+ The large amount of information that is passed might be needed. 

between the post office server and the indexing 

server does not congest the bandwidth of the 

production network segment. 


Dedicated DMS Post Office 


You can have one post office that is dedicated to messaging and another to DMS. This configuration 
is useful for post offices that have heavy DMS usage. For a review of this configuration, see 
“Centralized Libraries” on page 329. 
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User DMS 
Post Office Post Office 


My Library = Library 
ww 
à | 
v y 


Library Document 


User Message 
Database Database 


Database Database 


Production a 


| Network Segment | 


= = = = 
GroupWise Client GroupWise Client GroupWise Client GroupWise Client 
Workstation Workstation Workstation Workstation 


Advantages Disadvantages 


+ A dedicated POA for quicker DMS indexing. + High-end hardware is required for DMS server. 
Wes Hell for organizations hatare + An additional post office and POA to be maintained. 
document-intensive. 
+ Client/server is required for searching and 


+ The messaging post office is not hampered by accessing documents 


DMS traffic and indexing. 
+ Remote access is required for users who cannot 
use client/server mode. This ensures that the 
slower store-and-forward process is used for 

remote searching and accessing of documents. 


* Logical separation of messaging and DMS 
databases. Processes such as backing up 
databases are easier. 


¢ This configuration is ideal for creating a 
centralized library configuration. 


Determining Your Indexing Needs 


The following table presents some indexing considerations and suggests an indexing configuration 
based on how the considerations pertain to your indexing needs: 


Consideration Single Dedicated Indexer Dedicated Indexer Dedicated DMS 
Server with Server Server on an Isolated Post Office 
One POA Network Segment 

Does the post office own No Yes or No Yes or No Yes 


multiple libraries? 


What is the expected Light Light or Moderate Moderate or Heavy Heavy 
indexing volume (per 
hour)? 
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Consideration Single Dedicated Indexer Dedicated Indexer Dedicated DMS 


Server with Server Server on an Isolated Post Office 
One POA Network Segment 
Is hardware available fora No Yes Yes Yes 
dedicated indexer server? 
Could bandwidth No Maybe Maybe or Yes Yes 


congestion be a problem? 


Use the “Indexing Worksheet” on page 382 to estimate the indexing needs of the libraries in your 
GroupWise system. Each worksheet accommodates three libraries. 


Identify each library (worksheet items 1 and 2). Estimate the impact of each consideration in each 
library (worksheet items 3 through 6). Then compare your estimates for each library to the values in 
the table above to determine the indexing configuration for each library (worksheet item 7). 


Indexing Worksheet 


For instructions on how to use this worksheet, see Section 23.3.2, “Determining Your Indexing 
Needs,” on page 381. 


Library Library Library 
1) Library: 
2) Library's Post Office: 
3) Multiple Libraries per Post Office? 


+ Yes 
* No 
4) Expected Indexing Volume (per hour): 
* Light 
+ Moderate 


+ Heavy 
5) Additional Server Available? 


+ Yes 


+ No 
6) Bandwidth Congestion Possible? 


+ Yes 
+ Maybe 


+ No 
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Library Library Library 
7) Indexer Configuration: 


+ Single server with one POA 
+ Dedicated indexer server 


+ Dedicated indexer server on an 
insolated network segment 


* Dedicated DMS post office 


23.3.3 Implementing Indexing 


For libraries where a single POA running on the post office server can provide adequate indexing 
support for the post office’s libraries, follow the instructions in Section 39.1, “Regulating Indexing,” 
on page 573 to implement indexing. 


For libraries where additional POAs running on separate servers are required to support the 
indexing needs of the post office’s libraries, follow the instructions in Section 39.5, “Configuring a 
Dedicated Indexing POA (Windows Only),” on page 577 to implement indexing. 


23.4 Managing Documents in Libraries 


As more and more documents are added to your GroupWise libraries, you must manage the disk 
space occupied by libraries and respond to various changes in your GroupWise system. 


+ Section 23.4.1, “Archiving and Deleting Documents,” on page 383 
+ Section 23.4.2, “Backing Up and Restoring Archived Documents,” on page 383 
+ Section 23.4.3, “Handling Orphaned Documents,” on page 385 


See also Section 22.6.2, “Managing Document Storage Areas,” on page 345. 


23.4.1 Archiving and Deleting Documents 


The Document Type property determines what happens to documents whose document life in your 
GroupWise system has expired. For a review of the document types and document life, see 
Section 21.3.2, “Document Types,” on page 319. 


You can use the Mailbox/Library Maintenance feature in ConsoleOne to archive and delete 
documents on demand, as described in Section 30.4, “Reducing the Size of Libraries and Document 
Storage Areas,” on page 428. 


You can also configure the POA to archive and delete documents on a regular schedule, as described 
in Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 


23.4.2 Backing Up and Restoring Archived Documents 


When documents are archived, they are physically moved to a directory in the post office, where disk 
space can be limited. You should move archived documents to your backup medium regularly. 


+ “Moving Archived Documents to Backup” on page 384 


+ “Restoring Archived Documents” on page 384 
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Moving Archived Documents to Backup 


When documents are archived, they are placed in automatically created archive directories. Each 
library has a set of archive directories. For example, gwdms (Group Wise Document Management 
Services) is one of the post office's directories. The library directories exist under it, named 1ib0001- 
ff. Under each library directory is an archive directory, under which are the sequentially-numbered 
archival directories, named arnnnnnn (where nnnnnnis an integer with leading zeros). Each 
arnnnnnn directory is an archive set. To view the gwdms directory, see “Post Office Directory” in 
GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 


To move archived documents to backup: 


1 Make sure you have a backup medium (such as tape, CD, or DVD) operating with your system. 


2 Make sure you have already archived documents that have reached their expiration dates. 
Documents that have not been archived cannot be removed to a backup medium. 


3 Startthe software for your backup medium. 
4 When the backup software asks for the location of your archive files, give the full path. 
Example: 


j:\post office\gwdms\1ib0\archive\ar000001 


If users need the backed-up documents in the future, see “Restoring Archived Documents” on 
page 384. 


Restoring Archived Documents 


When a user tries to access a document that has been archived, one of two things happens: 


+ If the document is in the post office archive set, and has not yet been physically moved from the 
archive location, the document opens normally. The user does not realize it was archived. The 
document is unarchived from the archive set at that time; that is, it is moved back to the library 
document directory from which it was archived. It is also given a new archive date according to 
the document type. 


+ The user sees a message indicating the document cannot be opened. In this case, the archive set 
containing the document has been physically moved to a backup medium. Therefore, the 
document cannot be automatically unarchived. In this case, the user might contact you, asking 
you to locate or recover the document. You can restore either the document’s BLOB or the 
archive set that contains the BLOB. After the document is restored to its archive directory, the 
user will be able to open the document normally. 


To restore archived documents from a backup medium: 
Obtain the Document Number for the document the user was trying to access. 
In the GroupWise Windows client, click Tools > Find. 


Specify the Document Number, then click OK. 
Right-click the document in the Find Results listing, then click Properties > Version. 


ao R WN F 


Note the archive directory in the path listed in the Current Location field. 


The subdirectory listed after the ..\ archive directory is the archive set containing the document, 
for example, \ar000001. 


6 If you have the ability to recover individual files from your backup medium, also note the BLOB 
file name listed in the Current Filename field. 
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7 Determine where you backed up the archive set, then copy either the archive set or the 
individual BLOB file to the archive directory specified in the Current Location field that you 
noted earlier. 


8 You can now notify the user that the requested document is available. 


9 When you are sure the user has opened the document (causing it to be unarchived), you should 
delete any files remaining in that archive directory because you have already backed them up. 


23.4.3 Handling Orphaned Documents 


If you remove public rights for a library, some documents might become inaccessible. For example, if 
a user who has been denied access to the library is the only user who had access to certain 
documents, those documents become orphaned. No other user can access or search for those 
orphaned documents. This is because document security is controlled by the user listed in the Author 
and Creator fields in the document's properties. In other words, if the author or creator no longer has 
access to a document, neither does anyone else. 


However, orphaned documents can be reassigned to another author so that someone can access them 
again. This can be done in one of two ways: 


+ In ConsoleOne, the Analyze/Fix Library action in Mailbox/Library Maintenance can reassign 
orphaned documents to a specified user. Then, the new user has access to all orphaned 
documents in that library. For more information, see Section 28.2, “Analyzing and Fixing Library 
and Document Information,” on page 416. 


¢ A librarian has the ability to alter the Author field of documents. Therefore, a librarian can 
replace the previous user's GroupWise ID with his or her own ID. In doing so, the librarian 
becomes the new author of the document. This can also be done as a mass operation for multiple 
documents with varying user IDs in the Author field. For more information, see Section 22.6.4, 
“Adding and Training Librarians,” on page 350. 
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Integrations 


Document-producing applications can be integrated with GroupWise Document Management 
Services (DMS) to allow GroupWise management control over files produced by the integrated 
applications. Integrations provide code specifically designed to allow function calls, such as Open or 
Save, to be redirected to the GroupWise Windows client. This allows GroupWise dialog boxes to be 
displayed instead of the application’s normal dialog boxes for the integrated functions. 


GroupWise DMS includes standard integrations for the following applications: 


+ 


+ 


+ 


+ 


+ 


+ 


Corel Presentations 7.x through 10.x 
Corel Ouattro Pro 7.x and 8.x 

Corel WordPerfect 6.1 through 10.x 
Lotus Word Pro 96 and 97 

Microsoft Binder 97 

Microsoft Excel 95, 97, 2000, and 2002 
Microsoft PowerPoint 97, 2000, and 2002 
Microsoft Word 95, 97, 2000, and 2002 
Microsoft Office 2007 

OpenOffice.org (Novell version) 


Other applications can be integrated manually using the gwappint . inf file. 


+ 


+ 


+ 


Section 24.1, “Setting Up Integrations during Windows Client Installation,” on page 387 
Section 242, “Setting Up Integrations Using the gwappint.inf File,” on page 388 
Section 24.3, “Controlling Integrations in the GroupWise Windows Client,” on page 393 


Setting Up Integrations during Windows Client Installation 


The GroupWise Windows client Setup program can offer users the opportunity to integrate their 
document-producing applications during client installation. 
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fe GroupWise - Custom Setup E x| 


Custom Setup 
Select the program features you want installed. 


Click on an icon in the list below to change how a feature is installed. 


Feature Description 0. 
Choose applications for integration with 
GroupWise Document Management to 
save and retrieve files from within 
GroupWise. 


This feature requires OKB on your hard 
drive. 


This dialog box lists the applications that can be integrated with GroupWise that are currently 
installed on users’ workstations. Therefore, it is important to make sure that the applications to 
integrate are installed before the GroupWise client is installed. However, it does not matter whether 
GroupWise and the applications are installed to run from the network or from the users’ 
workstations. The integrations work with any combination of installation choices. 


After selecting applications to integrate during GroupWise client integration, users can manage their 
integrations in the GroupWise client, as described in “Integrating GroupWise with Your 
Applications” in “Document Management” in the GroupWise 2012 Windows Client User Guide. 


If users need to install and integrate applications after installing the GroupWise client, they can install 
the new applications, then reinstall the GroupWise client so that they can select the new applications 
during GroupWise client installation. If reinstalling the GroupWise client is not an option, you might 
need to assist them in setting up additional integrations, as described in Section 24.2, “Setting Up 
Integrations Using the gwappint.inf File,” on page 388. 


Setting Up Integrations Using the gwappint.inf File 


The gwappint.inf file controls how document-producing applications are integrated with the 
GroupWise Windows client. During client installation, the gwappint .inf file is installed in the 
following directory: 


c:\Program Files\Novell\GroupWise 


It is a text file that can be viewed and modified in a text editor such as Notepad. However, a regular 
Windows user does not have sufficient rights to edit the gwappint . inf file in its default location. 
Therefore, when a user accesses integration settings in the GroupWise Windows client by using Tools 
> Options > Documents > Integrations, a copy of the gwappint . inf file is created in the following 
directory: 


Windows c:\Documents and Settings\user name\Application Data\ 
XP: Novell\GroupWise 


Windows c:\Users\user name\AppData\Local\Novell\GroupWise 
Vista: 


Windows 7: c:\Users\user name\AppData\Roaming\Novell\GroupWise 


In that location, the GroupWise client user has sufficient rights to edit the file. The GroupWise 
Windows client always checks the user-editable location first. 
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24.2.1 


You might want to print the gwappint . inf file from a user workstation to help you understand how 
integrations have been set up for your users during GroupWise client installation. 

+ Section 24.2.1, “Understanding the Three Levels of Integration,” on page 389 

+ Section 24.2.2, “Understanding the gwappint.inf File,” on page 390 

+ Section 24.2.3, “Editing the gwappint.inf File,” on page 392 


Understanding the Three Levels of Integration 


The gwappint . inf file provides for three different levels of integration, to meet the needs of different 
types of document-producing applications: 


+ “ODMA Integration” on page 389 
+ “Point-to-Point Integration” on page 389 


+ “No Integration” on page 389 


ODMA Integration 


The Open Document Management API (ODMA) is an industry standard for applications and 
document management programs to use in achieving seamless integration. ODMA is platform- 
independent. GroupWise DMS is 32-bit ODMA-compliant, and can automatically integrate with all 
32-bit ODMA-compliant applications. Applications that are not 32-bit ODMA-compliant must have 
integrations created for them to be used with GroupWise DMS. 


Point-to-Point Integration 


This integration involves applications that are not 32-bit ODMA-compliant. Novell has written 
macros for various applications, such as Microsoft Word, which allow them to be integrated with 
GroupWise. This provides the same functionality as for 32-bit ODMA-integrated applications. These 
applications can be selected for integration when the GroupWise client is installed. 


Integration macros are written in the macro language of the application being integrated with 
GroupWise. Macro calls are made to GroupWise dialog boxes to replace access of the application's 
own dialog boxes (for example, Open and Save). 


No Integration 


Non-integrated applications rely on Windows associations. When a reference icon is selected in 
GroupWise, the file’s extension is examined to determine which application to use. The application is 
launched and the file is opened. 


Functions performed in a non-integrated application are not managed by GroupWise. So, if the file is 
renamed or saved to a different location, the file is not part of a GroupWise library. When the file is 
opened later, a message is displayed reminding the user that the file is not under management of 
GroupWise. However, if you simply edit the file and re-save it without changing the name or 
location, GroupWise continues to provide management of the file. 
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24.2.2 Understanding the gwappint.inf File 
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The gwappint .inf file is located in the c:\Program Files\Novell\GroupWise subdirectory. It 
includes the following sections and lines: 


¢ [executable_name] sections 


- Integration= line 

- DualExe= line 

- AppName= line 

- AppKey= line 
* [ODMA Application Extensions] section 
+ [Integration State] section 
* [Non-Integrated Defaults] section 

- WaitInterval= line 

- ShowMessage= line 


[executable name] Sections 


The gwappint.inf file contains one [executable name] section for each integrated application. It 
supplies the name of the executable for the program being integrated. 


Integration= Line 


Each [executable name] section must have an Integration= line, where digits identify the type of 
integration employed for the executable: 


Integration = 0 (No Integration) 
Integration = 1 (Point-to-Point Integration) 
Integration = 2 (ODMA Integration) 
DualExe= Line 


Some programs, such as Lotus Word Pro, use a small startup executable that, in turn, calls the main 
program. Use the DualExe= line to specify the name of the main executable. You can specify the full 
path to the main executable, or you can specify the path relative to the startup executable. 


AppName= Line 


The AppName= line assigns the application an arbitrary name for use in the [ODMA Application 
Extensions] and [Integration State] sections. 


AppKey= Line 


The AppKey= line is used only with point-to-point integrations (Integration=1). It specifies a value 
used by Group Wise to pass information to and from the integrated application. The value must be 
unique among the point-to-point integrations defined in the gwappint . inf file. 


Examples Based on Standard Integrations 


The table below shows how the standard integrations are implemented in the gwappint . inf file: 
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Application 


Corel 
Presentations 


Corel Ouattro 
Pro 


Corel 
WordPerfect 


Lotus Word 
Pro 


Microsoft 
Binder 


Microsoft 
Excel 


Microsoft 
PowerPoint 


Microsoft Word 


Executable 


prwin.exe 


gpw.exe 


wpwin.exe 


wordpro.exe 


binder.exe 


excel.exe 


powerpnt.exe 


winword.exe 


Version 


3 


8, 9, 10 


6.1 


8, 9, 10 


96 


97 


97, 
2000, 
2002 


Comments 


If it is already installed on the workstation, GroupWise 
installation changes the Integrations= line to 0 and the 
application is available for selection as a non-integrated 
application. 


For ODMA integration, change the DualExe= line to 
system\prwin70.exe and the Integrations= line to 2. 


For ODMA integration, change the Integrations= line to 2. 


If it is already installed on the workstation, the GroupWise client 
installation changes the Integrations= line to 0 and the 
application is available for selection as a non-integrated 
application. 


For ODMA integration, change the Integrations: line to 2 


If it is already installed on the workstation, the GroupWise client 
installation changes the Integrations= line to 0 and the 
application is available for selection as a non-integrated 
application. 


For ODMA integration, change the DualExe= line to 
system\wpwin7.exe and the Integrations= line to 2. 


For ODMA integration, no DualExe- line is needed. Change 
the Integrations= line to 2. 


This application is 32-bit ODMA-compliant. Therefore, ifit is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


For ODMA integration, change the DualExe= line to 
system\wordpro.exe and the Integrations= line to 2. 


This application is 32-bit ODMA-compliant. Therefore, ifit is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


The Integrations= line is set to 1 for both versions. 


This application is 32-bit ODMA-compliant. Therefore, ifit is 
installed before GroupWise, it is available for selection as an 
ODMA-integrated application. 


If it is already installed on the workstation, GroupWise 
installation changes the Integrations= line to 1 and the 
application is available for selection for point-to-point 
integration. 


For ODMA integration, change the Integrations: line to 2. 


Integrations 
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24.2.3 


[ODMA Application Extensions] Section 


The [ODMA Application Extensions] section lists the file extensions GroupWise associates with 
particular document-producing applications. Examples include: 


Application File Extension 
Corel WordPerfect .wpd 
Microsoft Excel xls 
Microsoft PowerPoint .ppt 
Microsoft Word .doc 


[Integration State] Section 


The [Integration State] section records whether the user has turned integrations on or off for 
integrated applications. 


[Non-Integrated Defaults] Section 


The [Non-Integrated Defaults] section provides two configuration settings that apply to all non- 
integrated applications: 
¢ WaitInterval= line 


+ ShowMessage= line 


Waitlnterval= Line 


The Wait Intervals; line specifies a number of milliseconds for the GroupWise client to wait before it 
attempts to communicate with a non-integrated process. The wait interval allows the application to 
start completely before GroupWise contacts it. The default wait interval is 1000 milliseconds (one 
second). 


The default setting supplied in the [Non-Integrated Defaults] section can be overridden for 
specific applications by including a Wait Intervals line in the application’s [executable name] section. 


ShowMessage= Line 


The ShowMessage= line indicates whether or not to display a message to the GroupWise client user if 
GroupWise cannot contact a non-integrated application. Use ShowMessage=1 to display the message 
or ShowMessage=0 to suppress the message. 


The default setting supplied in the [Non-Integrated Defaults] section can be overridden for 
specific applications by including a ShowMessage= line in the application’s [executable name] section. 


Editing the gwappint.inf File 


The gwappint . inf file is a text file that can be modified using any text editor (Notepad, for example). 
By editing the gwappint . inf file, you can add integrations for applications for which Novell has not 
provided integrations. It is located in the c:\Program Files\Novell\GroupWise subdirectory. 
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24.3 Controlling Integrations in the GroupWise Windows Client 


For the convenience of GroupWise Windows client users, some settings in the gwappint . inf file can 
be modified from the client. 


In the GroupWise client: 


1 Click Tools > Options > Documents > Integrations. 


Documents Setup 


Library Configuration | Integrations | General 


Library names: 
Development Library [Default] 
Marketing Library Set Default 


Sales Library 


The Integrations tab of the Documents Setup dialog box lets users turn integrations on and off for 
the listed registered applications. 


If the application that users want to integrate is does not appear in the registered applications 
list, users must first make sure the application is installed on their workstations. Then they can 
either reinstall the GroupWise client or modify the gwappint . inf file as described in 

Section 24.2, “Setting Up Integrations Using the gwappint.inf File,” on page 388. 


The users’ selections on the Integrations tab are recorded in the [Integration State] section of the 
gwappint.inf file. 


2 Select an application to configure integration for, then click Advanced. 


Adobe FrameMaker Document 
Non-Integrated | Executable 


Message 


Display message for all non-integrated applications that cannot be 
tracked by GroupWise. 


V| Display message - manual end-access needed. 


Wait 
Set for: © This application 
© Default for all applications 


Wait time to detect application: 1 E seconds. 


The Non-Integrated tab enables users to set values for the ShowMessage= and Waitlnterval= lines 
in the gwappint.inf file. 


3 Click Executable. 
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Adobe FrameMaker Document 


m, 
Nom-Integrated | Executable 


& small number of applications use a dual-executable model. In this 
model, the first executable is invoked by the user. That executable then 
invokes the second executable, which is the actual application. 


In order to track an application that uses this model, GroupWise must know 
the name of the second executable. 


C This application uses the dual-executable model 


The Executable tab enables users to set the DualExe= line in the gwappint . inf file. 


4 Click OK twice to save the updated integration information. 


If users check the contents of the gwappint . inf file in the Windows system32 subdirectory, they see 
their integration configuration changes reflected there. 
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VI | | Databases 


+ Chapter 25, “Understanding GroupWise Databases,” on page 397 

+ Chapter 26, “Maintaining Domain and Post Office Databases,” on page 401 

+ Chapter 27, “Maintaining User/Resource and Message Databases,” on page 409 
* Chapter 28, “Maintaining Library Databases and Documents,” on page 415 

* Chapter 29, “Synchronizing Database Information,” on page 419 

* Chapter 30, “Managing Database Disk Space,” on page 423 

* Chapter 31, “Backing Up GroupWise Databases,” on page 431 

* Chapter 32, “Restoring GroupWise Databases from Backup,” on page 433 

* Chapter 33, “Retaining User Messages,” on page 441 

+ Chapter 34, “Stand-Alone Database Maintenance Programs,” on page 447 


For additional assistance in managing your GroupWise system, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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25.1 


Understanding GroupWise Databases 


Your GroupWise system includes numerous databases where vital information is stored. 


+ Section 25.1, “Domain Databases,” on page 397 

+ Section 25.2, “Post Office Databases,” on page 398 
+ Section 25.3, “User Databases,” on page 398 

+ Section 25.4, “Message Databases,” on page 398 

+ Section 25.5, “Library Databases,” on page 399 

+ Section 25.6, “Guardian Databases,” on page 399 


NOTE: The maximum size for all types of GroupWise databases is 4 GB. Domains, post offices, and 
mailboxes consist of multiple databases, so there are no physical size limits for domains, post offices, 
and mailboxes. However, there are feasibility limitations based on potentially time-consuming 
activities such as backup/restore procedures. 


Domain Databases 


The domain database (wpdomain. db) in each domain contains all administrative information for the 
domain, including: 


+ Address information about all GroupWise objects (such as users and resources), post offices, and 
gateways in the domain 
+ System configuration and linking information for the domain's MTA 
+ Address and message routing information to other domains 
The first domain you create is the primary domain. In the primary domain, the wpdomain. db file 
contains all administrative information for your entire GroupWise system (all domains, post offices, 


users, and so on). Because the wpdomain. db file in the primary domain is so crucial, you should back 
itup regularly and keep it secure. See Section 31.1, “Backing Up a Domain,” on page 431. 


You can re-create your entire GroupWise system from the primary domain wpdomain. db file; 
however, if the primary domain wpdomain. db file becomes unusable, you can no longer make 
administrative updates to your GroupWise system. 


Every domain you create after the primary domain is a secondary domain. The contents of secondary 
domains are automatically synchronized with the primary domain. 


For the location of the domain database, see “Domain Directory” in GroupWise 2012 Troubleshooting 3: 
Message Flow and Directory Structure. For additional domain information, see Section 41.3, 
“Information Stored in the Domain,” on page 622. 


The database version for GroupWise 2012 domain databases is 1200. 
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25.2 


25.3 


25.4 


Post Office Databases 


The post office database (wphost . db) in each post office contains all administrative information for 
the post office, including a copy of the GroupWise Address Book. This information is necessary for 
users to send messages to others in the GroupWise system. 


For the location of the post office database, see “Post Office Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 472. 


The database version for GroupWise 2012 post office databases is 1200. 


User Databases 


Each member of the post office has a personal database (user xxx. db) that represents the user's 
mailbox. The user database contains the following: 


+ Message header information 
¢ Pointers to messages 
* Personal groups 
+ Personal address books 
+ Rules 
When a member of another post office shares a folder with one or more members of the local post 


office, a “prime user” database (puxxxxx.db) is created to store the shared information. The prime 
user is the owner of the shared information. 


Local user databases and prime user databases are stored in the ofuser directory in the post office. 
Because resources are addressable just like users, resources also have user databases. 


For the location of user databases in the post office, see “Post Office Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 472. 


Message Databases 


Each member of the post office is assigned to a message database (msgnnn.db) where the body 
portions of messages are stored. Many users in a post office share a single message database. There 
can be as many as 255 message databases in the post office (numbered from 0 to 254). Message 
databases are stored in the ofmsg directory in the post office. 


Outgoing messages from local senders are stored in the message database assigned to each sender. 
Incoming messages from users in other post offices are stored in the message database with the same 
name as the message database assigned to the sender in his or her own post office. In each case, only 
one copy of the message is stored in the post office, no matter how many members of the post office it 
is addressed to. 


For the location of message databases in the post office, see “Post Office Directory” in Group Wise 2012 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 472. 
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25.5 


25.6 


Library Databases 


A library is a collection of documents and document properties stored in a database system that can 
be managed and searched. You do not need to set up libraries unless you are using GroupWise 
Document Management Services (DMS). See Part VII, “Libraries and Documents,” on page 313. 


The databases for managing libraries are stored in the gwdms directory and its subdirectories in the 
post office. 


The dmsh. db file is a database shared by all libraries in the post office. It contains information about 
where each library in the post office is located. 


Each library has its own subdirectory in the gwdms directory. In each library directory, the 
dmxxnn01-FF.db files contain information specific to that library, such as document properties and 
what users have rights to access the library. 


For the location of library databases in the post office, see “Post Office Directory” in Group Wise 2012 
Troubleshooting 3: Message Flow and Directory Structure. For more post office information, see 
Section 35.3, “Information Stored in the Post Office,” on page 472. 


The actual documents in a library are not kept in the library databases. They are kept in a document 
storage area, which consists of a series of directories for storing documents. Documents are 
encrypted and stored in BLOBs (binary large objects) to make document management easier. A 
document, its versions, and related objects are stored together in the same BLOB. 


A document storage area might be located in the post office itself, or in some other location where 
more storage space is available. If it is located in the post office, the document storage area can never 
be moved. Therefore, storing documents in the post office directory structure is not usually 
recommended. If it is stored outside the post office, a document storage area can be moved when 
additional disk space is reguired. 


See Chapter 22, “Creating and Managing Libraries,” on page 323 and Chapter 23, “Creating and 
Managing Documents,” on page 359 for more information about Document Management Services. 


Guardian Databases 


The guardian database (ngwguard. db) serves as the master copy of the data dictionary information 
for the following subordinate databases in the post office: 


+ User databases (userxxx. db) 
+ Message databases (msgnnn. db) 
+ Prime user databases (puxxxxx. db) 


+ Library databases (dmsh. db and dmxxnn01-FF.db) 


The guardian database is vital to GroupWise functioning. Therefore, the POA has an automated 
back-up and roll-forward process to protect it. The POA keeps a known good copy of the guardian 
database called ngwguard.fbk. Whenever it modifies the ngwguard. db file, the POA also records the 
transaction in the roll-forward transaction log called ngwguard.rf1. If the POA detects damage to 
the ngwguard. db file on startup or during a write transaction, it goes back to the ngwguard. fbk file 
(the “fall back” copy) and applies the transactions recorded in the ngwguard.rf1 file to create a new, 
valid and up-to-date ngwguard. db. 


In addition to the POA back-up and roll-forward process, you should still back up the ngwguard. db, 
ngwguard. fbk, and ngwguard. rf1 files regularly to protect against media failure. Without a valid 
ngwguard. db file, you cannot access your email. With current ngwguard. fbk and ngwguard. rfl 
files, a valid ngwguard. db file can be rebuilt should the need arise. 
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The ngwguard. dc file is the structural template for building the guardian database and its 
subordinate databases. Also called a dictionary file, the ngwguard. dc file contains schema 
information, such as data types and record indexes. If this dictionary file is missing, no additional 
databases can be created in the post office. 


400 GroupWise 2012 Administration Guide 


Maintaining Domain and Post Office 
Databases 


Occasionally, it is necessary to perform maintenance tasks on domain databases (wpdomain. db) or 
post office databases (wphost . db). The frequency depends on the reliability of your network and 
your own experience of how often problems are likely to occur. The following tasks help you 
maintain the integrity of your domain and post office databases: 


+ Section 26.1, “Validating Domain or Post Office Databases,” on page 401 
+ Section 26.2, “Recovering Domain or Post Office Databases,” on page 402 
+ Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405 
+ Section 26.4, “Rebuilding Database Indexes,” on page 407 


NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the GroupWise tools for repairing 
damaged databases are very effective and should be able to resolve most damage to GroupWise 
databases. 


To further protect your GroupWise system against loss of domain and post office information, see: 


* Chapter 31, “Backing Up GroupWise Databases,” on page 431 

* Chapter 32, “Restoring GroupWise Databases from Backup,” on page 433 
To ensure that the same information exists in all domain and post office databases throughout your 
GroupWise system, see: 

+ Section 29.5, “Synchronizing the Primary Domain from a Secondary Domain,” on page 422 

+ Section 29.4, “Synchronizing a Secondary Domain,” on page 421 


+ Section 29.2, “Synchronizing a Post Office,” on page 420 


26.1 Validating Domain or Post Office Databases 


You can validate the data in the domain and post office databases at any time without interrupting 
normal GroupWise operation. The frequency can vary depending on the size of your system and the 
number of changes you make to users, resources, and distribution lists. 


1 Make sure you have full administrative rights to the domain and post office database directories 
you are validating. 


2 In ConsoleOne, browse to and select the Domain object or Post Office object where you want to 
validate the database. 
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3 Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Recover Database 


© Rebuild Database 


C Reclaim Unused Space 
© Rebuild Indexes for Listing 
c 


Description: 
Validate checks for physical consistency. If problems are 
found, you should perform a Recover or a Rebuild. 


4 Click Validate Database > Run. 


5 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


You are notified if there are any physical problems, so you can then recover or rebuild the 
database. 


See Section 26.2, “Recovering Domain or Post Office Databases,” on page 402 and Section 26.3, 
“Rebuilding Domain or Post Office Databases,” on page 405. 


26.2 Recovering Domain or Post Office Databases 


The database recover process corrects physical problems in the database structure, but does not 
update incorrect information contained in the database. 


If you receive an administrative message informing you that an internal database error has occurred, 
or if you detect database damage and don’t want to take users out of GroupWise, you can recover the 
database. If no errors are reported after the recover process, you do not need to take further action. 


The recover process is run against a copy of the domain database (wpdomain. db) or post office 
database (wphost . db). Therefore, while the recover process is running, you can continue to access the 
database through ConsoleOne and you do not need to stop the MTA or the POA. 
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As the copy of the database is created, the recover process skips invalid records. If the number of 
records in the original wpdomain. db file or wphost . db file is different from the number in the new, 
valid copy, Group Wise sends an administrative message informing you that data has been lost. When 
the recover process is completed, the backup database is deleted. 


S 


wpdomain.db 


Check the number of 
records (X) in wpdomain.db. 


wpdomain.db 
recover.ddb 


Rename wpdomain.db 
to recover.ddb. 


creating.ddb 


| 


Read and copy records from 
recover.ddb into creating.ddb. Skip 


invalid records. Check the number of 
records (Y) in creating.ddb . 


O-ED-O 
| | 


creating.ddb 


Delete creating.ddb. x, 


| 


C recover.ddb 
wpdomain.db 


Rename recover.ddb 


to wpdomain.db 


Notify the administrator 
that wpdomain.db 
could not be recovered. 


5 
: 

= 
| 


wpdomain.db 


Try rebuilding th 
wpdomain.db. Z 7 


recover.ddb 
3 Delete recover.ddb . 


o creating.ddb 
wpdomain.db 


Rename creating.ddb 
to wpdomain.db. 


O E 


wpdomain.db 


wpdomain.db 
is useable. 


Notify the administrator 
that information has 
been lost in the 


recovery process. i 
wpdomain.db 


y 


wpdomain.db has been 
successfully recovered. 
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For convenience, the agents are configured by default to automatically recover domain and post 
office databases whenever a physical problem is encountered. See “Recovering the Domain Database 
Automatically or Immediately” on page 667 and “Recovering the Post Office Database Automatically 
or Immediately” on page 535. 


To recover a specific database in ConsoleOne: 
1 Make sure you have network access to the domain or post office directory for the database you 
are recovering. 


If you have administration rights in the primary domain, you can recover the primary domain 
database, the post office databases in the primary domain, and any secondary domain 
databases. 


From a secondary domain, you can recover the secondary domain database and the post office 
databases in the secondary domain. 


2 Make sure you have sufficient disk space for the copy of the database that is created during 
recovery. 


3 In ConsoleOne, browse to and select the Domain object or Post Office object where you want to 
recover the database. 


4 Click Tools > GroupWise Utilities > System Maintenance. 


© Rebuild Database 


C Reclaim Unused Space 


C Rebuild Indexes for Listing 


Description: 
Recover can be performed even while the database is in 
use. Any database inconsistencies will be corrected, but 
may result in loss of information. 


5 Click Recover Database > Run. 


6 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


If recovery is successful, the backup database is deleted, and the new domain database is renamed to 
wpdomain. db, or the new post office database is renamed to wphost . db. 


If recovery fails for any reason, the backup database is copied back to wpdomain.db or wphost . db. If 
any data was lost, you are notified by an administrative message. 


You have several options for retrieving lost data from other sources: 


¢ If data has been lost from the primary domain, you can synchronize it with a secondary domain 
that is known to contain current information. See Section 29.5, “Synchronizing the Primary 
Domain from a Secondary Domain,” on page 422. 
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+ If data has been lost from a secondary domain, you can synchronize it with the primary domain. 
See Section 29.4, “Synchronizing a Secondary Domain,” on page 421. 


+ You can also rebuild the database at a later time when you have exclusive access to the database 
where the data has been lost. See Section 26.3, “Rebuilding Domain or Post Office Databases,” 
on page 405. 


26.3 Rebuilding Domain or Post Office Databases 


In addition to correcting the physical problems resolved by the database recover process, the rebuild 
process updates user and object information in a domain database (wpdomain. db) or post office 
database (wphost . db). However, the process requires that no users or GroupWise agents (MTA or 
POA) have access to the database during the rebuild process. 


You should rebuild a domain or post office database if you encounter any of the following conditions: 


+ Objects are not being replicated between domains. 
+ The agent that writes to the database went down unexpectedly. 
+ The server where the database resides went down unexpectedly. 


+ You receive an administrative message informing you that an internal database error has 
occurred or there is database damage and you think there might be data loss. 


+ You ran the recover database process and received a notification of data loss. 


When you rebuild a secondary domain database, information is retrieved from the primary domain. 
When you rebuild a post office database, information is retrieved from the domain it belongs to. 
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406 


During the rebuild process, a backup of the domain or post office database is created as well as a new 
wpdomain.db or wphost . db. The records from the primary domain database are copied into the new 
wpdomain.db. There should not be any data loss. When the rebuild process is complete, the 
temporary database and the backup database are deleted. 


Primary Domain 
wpdomain.db wpdomain.db creating.ddb 


>A — | 
Copy records from the primary 
cs domain wpdomain.db 


| into creating.ddb. 


©» -© 


creating.ddb 


Delete wpdomain.db. 
Delete creating.ddb. x, 


| N creating.ddb 


wpdomain.db wpdomain.db 


wpdomain.db remains Rename creating.ddb 
unchanged. to wpdomain.db. 


Notify the administrator 
that wpdomain.db 
could not be rebuilt. 


wpdomain.db wpdomain.db 


wpdomain.db has been 
successfully rebuilt. 


Restore wpdomain.db 


from backup. 


e 


To rebuild a database: 


1 Stop all GroupWise agents that might access the database during the rebuild, as described in 
“Stopping the MTA” on page 663 and “Stopping the POA” on page 530. 


2 (Conditional) If you are rebuilding a post office database, have all users exit GroupWise, then 
disable the post office before the rebuild, as described in Section 12.9, “Disabling a Post Office,” 
on page 212. 


3 Make sure you have sufficient disk space for the copy of the database that is created during the 
rebuild process. 
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4 In ConsoleOne: 
4a (Conditional) If you are rebuilding a domain database, connect to the primary domain. 
or 


4b (Conditional) If you are rebuilding a post office database, connect to the domain that owns 
the post office. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


5 Browse to and select the Domain object or Post Office object where you want to rebuild the 
database. 


6 Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Validate Database 


C Recover Database 


Ci 
C Reclaim Unused Space 

C Rebuild Indexes for Listing 
c 


Description: 
Rebuild requires exclusive access. For domains, a new 
database will be created from the information in the 
primary domain. For post offices, a new database will be 
created from the information in the parent domain. 


7 Click Rebuild Database > Run. 


8 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being rebuilt. Click OK. 


26.4 Rebuilding Database Indexes 


Each domain database (wpdomain . db) and post office database (wphost . db) contains three indexes 
that are used to determine the order of the Address Book: the system index, the domain index, and 
the post office index. When you display the GroupWise Address Book, the system index is used. 
When you display a domain-level Address Book, the domain index is used, and when you display 
the Address Book for a post office, the post office index is used. 


The GroupWise client uses the post office database to list users. If you are in the GroupWise client 
and the indexes for listing system, domain, and post office users are different than the domain 
database indexes, you should rebuild the post office database indexes. The most common cause of 
incorrect indexes in a post office is that the post office database was closed when you set up the list 
information. 


To rebuild a database index: 


1 Make sure you have administrative rights to the database whose indexes you are rebuilding. 


2 In ConsoleOne, browse to and select the Domain object or Post Office object where you want to 
rebuild the database index. 
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3 Click Tools > GroupWise Utilities > System Maintenance. 


tc] GroupWise System Maintenance 


© Validate Database 
C Recover Database 
© Rebuild Database 


C Reclaim Unused Space 


Description: 
Rebuild listing indexes reconstructs the indexes used by 
the Address Book. 


4 Select Rebuild Indexes for Listing, then click Run. 


5 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being whose indexes are being rebuilt. Click OK. 
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Maintaining User/Resource and Message 
Databases 


It is sometimes necessary to perform maintenance tasks on user and resource databases 
(userxxx.db) and message databases (msgnnn. db). The frequency depends on the reliability of your 
network and your own experience of how often problems are likely to occur. The following tasks help 
you maintain the integrity of your user and message databases. 

+ Section 27.1, “Analyzing and Fixing User and Message Databases,” on page 409 

+ Section 27.2, “Performing a Structural Rebuild of a User Database,” on page 411 


+ Section 27.3, “Re-creating a User Database,” on page 412 


NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the GroupWise tools for repairing 
damaged databases are very effective and should be able to resolve most damage to GroupWise 
databases. 


To further protect your GroupWise users against loss of mailbox contents, see Chapter 31, “Backing 
Up GroupWise Databases,” on page 431 and Chapter 32, “Restoring GroupWise Databases from 
Backup,” on page 433. 


To ensure that the same information exists for users and messages throughout your GroupWise 
system, see Section 29.1, “Synchronizing Individual Users or Resources,” on page 419. 


27.1 Analyzing and Fixing User and Message Databases 


The Analyze/Fix option of Mailbox/Library Maintenance looks for problems and errors in user and 
resource databases (userxxx.db) and/or message databases (msgnnn. db) and then fixes them if you 
select the Fix Problems option. You can analyze databases individually or you can analyze all user, 
resource, and/or message databases in one or more post offices. 


To analyze and repair user, resource, and/or message databases: 


1 In ConsoleOne, browse to and select one or more User or Resource objects to check individual 
users or resources. 
or 


Browse to and select one or more Post Office objects to select all user and/or message databases 
in the post office. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: Run 

post Offices 3 Analyze/Fix Databases 
Bis Provot Development | Structure 
Index check Retrieve... 
Contents 


Hel 
Fix problems [te] 


Update user disk space totals 


© Object Type 


Databases | Logging | Results | Misc | Exclude 


User 


Message 


Document 


Options file: <default> 


3 From the Action drop-down menu, select Analyze/Fix Databases. 
4 Select from the following options: 


Structure: When a user experiences a problem that is related to the user, message, or library 
databases, you should perform a structure check. The structure check verifies the integrity of the 
databases and reports the amount of space that could be recovered. If there is a structural 
problem, the databases are rebuilt with free space reclaimed. 


Index Check: If you select Structure, you can also select Index Check. You should run an index 
check if a user tries to open a message and gets a read error, or when sent items that show a 
delivered status in the Properties window do not appear in the recipient’s mailbox. An index 
check can be time-consuming. 


Contents: The user databases (located in the ofuser directory) do not contain user messages. 
Messages are contained in the message databases under the ofmsg directory. However, the 
message databases do not contain the message attachments; these are located in the offiles 
directory. A contents check analyzes references to other items. For example, in the user database, 
Mailbox/Library Maintenance verifies that any referenced messages actually exist in the 
message database. In the message database, it verifies that any attachments that are referenced 
actually exist in the attachment directories. A contents check also restores system folders 
(Mailbox, Sent Items, Calendar, Cabinet, and Trash to their default locations if any of them have 
been moved into a subfolder. 


Collect Statistics: If you selected Contents, the Collect Statistics option is available to collect and 
display statistics about the post office, such as the number of messages and appointments in the 
post office and the average number per user. In addition, you can display any user mailboxes 
that have more than a specified number of items. This can help determine if some users are 
using an excessive amount of disk space. If this is a problem, you might want to encourage users 
to delete unneeded items or to use the Archive feature in the GroupWise client to store messages 
on their local drives. You can also limit the amount of disk space each user can have. See 
Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 196. 
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Attachment File Check: Files that are attached to messages are stored under the offiles 
subdirectory in the post office. When Mailbox/Library Maintenance performs an attachment file 
check, it reads each attachment file, verifying the file structure. If you skip the attachment file 
check, Mailbox/Library Maintenance verifies that the attachment file exists but it does not 
process the file in any way. 


Fix Problems: This option tells Mailbox/Library Maintenance to fix any problems it finds. 
Otherwise, Mailbox/Library Maintenance just reports the problems. 


Update User Disk Space Totals: Recalculates the total disk space a GroupWise user is using by 
reading the selected user mailboxes and updating the poll record used for disk space 
management. Because disk space is user-specific, the program calculates the amount of disk 
space in use by the user in the user databases, in any of the message databases, and in the 
attachment directory. Disk space limitations do not take into account the disk space used in 
document libraries. This option is usually run if the user totals are not being reflected correctly. 


5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 
“Exclude” on page 454 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 
6 Click Run to perform the Analyze/Fix operation. 


Analyze/Fix can also be run using the stand-alone GroupWise Check program. See Section 34.1, 
“GroupWise Check,” on page 447. It can also be scheduled to run on a regular basis by properly 
configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on page 517. 


27.2 Performing a Structural Rebuild of a User Database 


The Structural Rebuild option of Mailbox/Library Maintenance rebuilds the structure of a user or 
resource database (userxxx.db) and reclaims any free space. It does not re-create the contents of the 
database. If you need to recover database contents as well as structure, see Section 27.3, “Re-creating 
a User Database,” on page 412. 


To rebuild a user database: 


1 In ConsoleOne, browse to and select one or more User or Resource objects whose database 
needs to be rebuilt. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance K) 


© GroupWise Objects: Action: a 
[usersRäesowces +]| | EME = n | 
elc 


Close 
Retrieve... 
Save... 
Help 


Databases | Logging | Results | Misc | 


IV User 
IV Message 
> 


Options file: <default> 


3 From the Action drop-down list, select Structural Rebuild. 


4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 452 

“Logging” on page 453 

“Results” on page 453 

“Misc” on page 453 

Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 


5 Click Run to perform a structural rebuild of the user database. 


Re-creating a User Database 


The Re-create User Database option of Mailbox/Library Maintenance rebuilds a user or resource 
database (userxxx.db) and recovers any information it can. Some information is lost, such as the 
folder assignments. 


You should never need to select this option for regular database maintenance. It is designed for 
severe problems, such as replacing a user database that has been accidentally deleted and for which 
you have no backup copy. A substantial amount of information is lost in the re-creation process, as 
listed in “User Databases” on page 473. Because folder assignments are lost, all items are placed into 
the Cabinet folder. The user must then reorganize all the items in his or her mailbox. Using filters and 
searching can facilitate this process, but it is not a desirable experience. It is, however, preferable to 
losing everything. 


To re-create a user database: 


1 In ConsoleOne, browse to and select one or more User or Resource objects that need the user 
database re-created. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


KS Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: 


UsersRé&esources Y Re-create User Database 
& jya 33.Mai 


Databases | Logging | Resuts | Misc | 


Options file: <default> 


3 From the Action drop-down list, select Re-create User Database. 
4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 


5 Click Run to re-create the user database. 
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28.1 


Maintaining Library Databases and 
Documents 


GroupWise Document Management Services (DMS) uses libraries as repositories for documents. For 
a review of library database structure, see Section 25.5, “Library Databases,” on page 399. 


+ Section 28.1, “Analyzing and Fixing Databases for Libraries and Documents,” on page 415 


+ Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 416 


NOTE: Unfortunately, damage to databases cannot be prevented. A power outage can occur in the 
middle of a write to a database. A hard drive can fail. However, the GroupWise tools for repairing 
damaged databases are very effective and should be able to resolve most damage to GroupWise 
databases. 


Analyzing and Fixing Databases for Libraries and 
Documents 


For libraries, the Analyze/Fix Databases option of Mailbox/Library Maintenance looks for problems 
and errors in library and document databases and then fixes them if you select the Fix Problems 
option. 


1 In ConsoleOne, browse to and select one or more Library objects. 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: 


Libraries J Analyze/Fix Databases 


[7 Development Librarya [Y] Structure 


Index check 


[V] Fix problems 


Databases | Logging | Results | Misc 


Options file: <default> 
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3 From the Action drop-down menu, select Analyze/Fix Databases. 
4 Select from the following options: 


Structure: When a user experiences a problem that is related to the library databases, you should 
perform a structure check. The structure check verifies the integrity of the databases and reports 
the amount of space that could be recovered. If there is a structural problem, the databases are 
rebuilt with free space reclaimed. 


Index Check: If you select Structure, you can also select Index Check. An index check can be time- 
consuming. 


Contents: The library database (located in the gwdms directory of the post office) does not 
contain documents. Documents are stored in the 1ib0000-FF directories. A contents check 
analyzes references from libraries to documents. 


Collect Statistics: If you selected Contents, the Collect Statistics option is available to collect and 
display statistics about the library, such as the number and size of documents. 


Attachment File Check: Files that are attached to messages are stored under the offiles 
subdirectory in the post office. When Mailbox/Library Maintenance performs an attachment file 
check, it reads each attachment file, verifying the file structure. If you skip the attachment file 
check, Mailbox/Library Maintenance verifies that the attachment file exists but it does not 
process the file in any way. 


Fix Problems: This option tells Mailbox/Library Maintenance to fix any problems it finds. 
Otherwise, Mailbox/Library Maintenance just reports the problems. 


5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 
6 Click Run to perform the Analyze/Fix Databases operation on the library. 


Analyze/Fix Databases can also be run using the stand-alone GroupWise Check program. See 
Section 34.1, “GroupWise Check,” on page 447. It can also be scheduled to run on a regular basis by 
properly configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on page 517. 


Analyzing and Fixing Library and Document Information 


The Analyze/Fix Library option of Mailbox/Library Maintenance performs more library-specific 
functions than Analyze/Fix Databases. For all options except Verify Library, all documents in each of the 
selected library databases are checked. This can be a time-consuming process. Therefore, if you 
intend to select more than one of the Analyze/Fix Library options, you can save time by selecting each 
of them before clicking Run. This causes all selected options to be run against each document, which 
is faster than running each option individually against all documents. 


To validate library databases: 


1 In ConsoleOne, browse to and select one or more Post Office objects where you want to validate 
libraries. 


416 GroupWise 2012 Administration Guide 


2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 
© GroupWise Objects: Fe 


Post Offices Analyze/Fix Library 


Close 
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Verify document files 


Validate all document security Save... 
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Help 
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© Object Type 


Databases | Logging | Results | Misc 


Options file: <default> 


3 Fromthe Action drop-down menu, select Analyze/Fix Library. 
4. Select from the following options: 


Verify Library: This is a post office-level check. It verifies that all libraries are on the libraries list. 
It also checks the schema and guarantees its integrity. If there is a problem with the schema, it 
resets to a default schema to reclaim any missing items. For example, if you deleted the 
Document Type property, you could recover it using this option. 


Fix Document/Version/Element: This performs an integrity check to verify the following: 
+ Each document has one or more versions linked to it. 
+ Each version has one or more elements linked to it. 
+ All versions are linked to a document. 
+ All elements are linked to a version. 


If there are any missing links, the missing documents or versions are created from the 
information contained in the existing version or element for which the link is missing. For 
example, if a version is found that shows no link to a document, a document is created from the 
information contained in the version and the link is reestablished. Of course, any information in 
the lost document that might have been newer than the information contained in the old version 
is lost. 


Verify Document Files: This determines if the BLOB exists for a document and the document is 
accessible. If not, an error is logged for that document. The log message does not indicate why a 
file is missing or inaccessible. You can recover a file by restoring it from backup. 


Possible errors that would be logged include: 


+ If the file system on the network becomes corrupted, this tells you which documents cannot 
be opened or which BLOB files are missing. 


+ Ifa file was marked by someone as Read Only or Hidden, this option logs an error 
indicating that the file is inaccessible. 


Validate All Document Security: This option validates document security for the Author, 
Creator and Security (document sharing) fields. The validation replaces the results of selecting 
the Validate Author/Creator Security option, and is more thorough. Therefore, you only need to 
select one option or the other. 
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Synchronize User Name: The Author and Creator fields display users’ full names, not unique 
IDs. If a user's name is changed, such as for marriage, this option verifies that the user's name on 
document and version records is the same as the user's current display name. In other words, 
the Author and Creator fields in documents and versions are updated to the user's newer name. 


Remove Deleted Storage Areas: When you delete a document storage area in the Storage Areas 
page of a library’s details dialog box, the document storage area and the documents stored there 
remain on the system. Deleting the storage area from the library only means that new 
documents are not stored there. The documents there continue to be available to users. 


If you want to also remove the document storage area from the system, you have two options: 
delete the storage area and its documents, or first move the documents and then delete the 
storage area. The first option is not advisable, but exists so that if you have moved all of the 
documents that can be moved, but some corrupted documents are left behind, you can force the 
document storage area to be deleted. 


You should normally select Move Documents First so that users continue to have access to those 
documents from a different document storage area. With this option, all BLOBs in the library are 
checked to see which documents are inthe area being deleted. 


Reassign Orphaned Documents: Documents can occasionally become orphaned (unattached to 
a user). For example, this can happen when a user leaves your organization and the user object is 
removed. All documents belonging to that user are no longer available in GroupWise searches 
and cannot be accessed by anyone (document security is controlled by the user listed in the 
Author and Creator fields). This option lets you reassign these documents to another user. You 
must select a new author from the browser menu after checking this option. The new author you 
designate has access to all orphaned documents in this library. 


Reset Word Lists: Documents stored in a library are indexed and inserted into a generated word 
list. This allows users to search for a document by keywords as well as any word contained 
within a document. The document library word list might become outdated and if this occurs, 
the word list must be regenerated. This option allows the program to regenerate the document 
library word list the next time an index operation is performed. 


Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 

“Databases” on page 452 

“Logging” on page 453 

“Results” on page 453 

“Misc” on page 453 

Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 


6 Click Run to perform the Analyze/Fix Library operation. 


Analyze/Fix Library can also be run using the stand-alone GroupWise Check program. See 
Section 34.1, “GroupWise Check,” on page 447. It can also be scheduled to run on a regular basis by 
properly configuring the POA. See Section 36.4.1, “Scheduling Database Maintenance,” on page 517. 
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Synchronizing Database Information 


In general, synchronization of object information throughout your GroupWise system occurs 
automatically. Whenever you add, delete, or modify a GroupWise object, the information is 
automatically replicated to all appropriate databases. Ideally, each domain database (wpdomain. db) 
in your system contains original records for all objects it owns and accurately replicated records for 
all objects owned by other domains. However, because unavoidable events such as power outages 
and hardware problems can disrupt network connectivity, information in various databases might 
get out of sync. 


If you think you have a synchronization problem, especially soon after adding, deleting, or 
modifying objects, it is wise to check Pending Operations to make sure your changes have been 
processed. See Section 4.5, “Pending Operations,” on page 80. When waiting for replication to take 
place, patience is a virtue. 


When information differs between the original record and a replicated record, the original record is 
considered correct. If you perform synchronization from the owning domain, the owning domain 
notifies the primary domain of the correct information, then the primary domain broadcasts the 
correct information to all secondary domains. Therefore, the best place to perform synchronization is 
from the domain that owns the object that is out of sync. The next best place to perform 
synchronization is from the primary domain, because the primary domain sends a request to the 
owning domain for the correct information, then broadcasts the correct information to all secondary 
domains. 


Any GroupWise object can be synchronized: 


+ Section 29.1, “Synchronizing Individual Users or Resources,” on page 419 
+ Section 29.2, “Synchronizing a Post Office,” on page 420 

+ Section 29.3, “Synchronizing a Library,” on page 421 

+ Section 29.4, “Synchronizing a Secondary Domain,” on page 421 


+ Section 29.5, “Synchronizing the Primary Domain from a Secondary Domain,” on page 422 


Synchronizing Individual Users or Resources 


Most often, you will notice a synchronization problem when a user has trouble sending a message. 
Symptoms include: 
+ The sender receives a “user is undeliverable” message. 


+ Anew user or resource created in ConsoleOne does not appear in the Address Book in some or 
all post offices. 


+ User or resource information is incorrect in the Address Book but correct in ConsoleOne. 


+ A user or resource is listed in the Address Book as belonging to one post office but actually 
belongs to another. 


Synchronizing Database Information 419 


29.2 


To synchronize individual User and/or Resource objects: 


1 


oun AR O 


In ConsoleOne, connect to the domain that owns the users and/or resources. 
or 
Connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


Browse to and right-click one or more User or Resource objects to synchronize, then click 
Properties. 


Make sure the correct information appears on the object's Identification page, then click Cancel. 
Repeat Step 2 and Step 3 for each user or resource you need to synchronize. 

Select each User or Resource object, then click Tools > Group Wise Utilities > Synchronize. 

When you are asked whether to proceed, click Yes. 

Current, correct information is then replicated throughout your GroupWise system. 


If many User or Resource objects are being synchronized, you can check progress by viewing 
pending operations. See Section 4.5, “Pending Operations,” on page 80. 


After synchronization is complete, you can verify that it was successful by checking the 
synchronized objects in Address Books and several post offices in your Group Wise system. 


If there are indications that a large number of User or Resource objects need to be synchronized, 
rebuilding the post office database (wphost . db) can be preferable to synchronizing individual 
objects. However, this process requires exclusive access to the post office database. See Section 26.3, 
“Rebuilding Domain or Post Office Databases,” on page 405. 


Occasionally, GroupWise user information can get out of sync with Novell eDirectory user 
information. This requires a different type of synchronization process. See Section 42.4.1, “Using 
eDirectory User Synchronization,” on page 652. 


Synchronizing a Post Office 


If information for a particular post office does not display the same throughout your GroupWise 
system, you can synchronize the post office. 


1 


In ConsoleOne, connect to the domain that owns the post office, as described in Section 9.1, 
“Connecting to a Domain,” on page 145. 


or 
Connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


2 Browse to and right-click the Post Office object to synchronize, then click Properties. 


3 Make sure the correct information appears on the post office Identification page, then click 


Cancel. 


4 Select the Post Office object, then click Tools > GroupWise Utilities > Synchronize. 


5 When you are asked whether to proceed, click Yes. 


Current, correct post office information is then replicated throughout your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the post 
office information when connected to different domains in your GroupWise system. 
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29.4 


See also Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405. 


Synchronizing a Library 


If information for a library does not display the same throughout your GroupWise system, you can 
synchronize the library. 


1 
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In ConsoleOne, connect to the domain that owns the library. 
or 
Connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


Browse to and right-click the Library object to synchronize, then click Properties. 

Make sure the correct information appears on the library Identification page, then click Cancel. 
Select the Library object, then click Tools > GroupWise Utilities > Synchronize. 

When you are asked whether to proceed, click Yes. 

Current, correct library information is then replicated throughout your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the library 
information when connected to different domains in your GroupWise system. 


See also Section 28.2, “Analyzing and Fixing Library and Document Information,” on page 416. 


Synchronizing a Secondary Domain 


If information for a particular secondary domain does not display the same throughout your 
GroupWise system, you can synchronize the secondary domain. 


1 
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In ConsoleOne, connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


If there is any doubt about the correctness of that secondary domain’s information as stored in 
the primary domain database, synchronize the primary domain with the secondary domain 
before proceeding, as described in Section 29.5, “Synchronizing the Primary Domain from a 
Secondary Domain,” on page 422. 


Browse to and right-click the Domain object to synchronize, then click Properties. 

Make sure the correct information appears on the domain Identification page, then click Cancel. 
Select the Domain object, then click Tools > GroupWise Utilities > Synchronize. 

When you are asked whether to proceed, click Yes. 


Current, correct domain information for the secondary domain is then replicated throughout 
your GroupWise system. 


After synchronization is complete, you can verify that it was successful by checking the domain 
information when connected to different domains in your GroupWise system. 


See also Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405. 
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29.5 Synchronizing the Primary Domain from a Secondary 
Domain 


Information about a secondary domain stored in the secondary domain database is considered more 
current and correct than information about that secondary domain stored in the primary domain 
database. If the primary domain database contains out-of-date information, you can synchronize the 
primary domain from the secondary domain. 


When you synchronize the primary domain database from a secondary domain database, any 
records the secondary domain owns, such as post offices or users added to the secondary domain, are 
replicated from the secondary domain database to the primary domain database. 


To synchronize the primary domain from a secondary domain: 
1 You must have administrative rights to the primary domain directory and the secondary domain 
directory from which the primary domain is being synchronized. 
2 In ConsoleOne, connect to the primary domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


3 Browse to and select the Domain object of the secondary domain whose database you want to 
use to synchronize the primary domain database. 


4 Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


© validate Database 
C Recover Database 


C Rebuild Database 


C Reclaim Unused Space 
© Rebuild Indexes for Listing 
ed 


© Convert Secondary to Primary 


C Release Secondary 
c 
c 


Description: 
Synchronize primary with secondary ensures that each 
record in the secondary domain has a matching record in 
the primary domain database. 


5 Select Sync Primary with Secondary, then click Run. 


6 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database being validated. Click OK. 


To make sure the primary domain database is totally up-to-date, repeat the procedure for each 
secondary domain in your system. 
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30.1 


Managing Database Disk Space 


One of the most common maintenance issues in a growing system is running out of disk space. In 
addition to sending messages, users tend to use GroupWise for all sorts of communication, such as 
transferring large files. Library documents created with Document Management Services (DMS) can 
use huge amounts of disk space. Archived library documents can also guickly use up disk space 
assigned to the post office, where space is usually limited. 


You should let your users know about the archive and auto-delete features of GroupWise mail, or set 
client options in ConsoleOne to automatically archive or delete. See Chapter 76, “Setting Defaults for 
the GroupWise Client Options,” on page 1025. 

+ Section 30.1, “Gathering Mailbox Statistics,” on page 423 

+ Section 30.2, “Reducing the Size of User and Message Databases,” on page 425 

+ Section 30.3, “Reclaiming Disk Space in Domain and Post Office Databases,” on page 427 


+ Section 30.4, “Reducing the Size of Libraries and Document Storage Areas,” on page 428 


See also Section 12.3, “Managing Disk Space Usage in the Post Office,” on page 196. 


Gathering Mailbox Statistics 


If you have some users who don't like to throw anything away, you might want to monitor the size of 
their mailboxes and, where appropriate, suggest voluntary cleanup. You can assess email retention 
by the number of messages, age of messages, or size of user databases. 


The Mailbox Statistics option in Mailbox/Library Maintenance collects and displays statistics about 
the post office, such as the number of messages and appointments in the post office and the average 
number per user. It is valid only for user databases. In addition, you can display any user mailboxes 
that have more than a specified number of items. This can help determine which users might be 
using an excessive amount of file server disk space. 


To gather mailbox statistics: 


1 In ConsoleOne, browse to and select one or more User or Resource objects or one or more Post 
Office objects. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 
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3 From the Action drop-down menu, select Mailbox Statistics. 
4 Select Mailbox Statistics. 


Mailbox Statistics: Specify a maximum number of items to see a report showing each user 
whose mailbox has more items in it than the number you specify. 


or 


Select Expire Statistics. 


Expire Statistics: Select one of the following: 


+ 


+ 


Items Older Than: Shows how many items are older than the number of days you specify. 


Downloaded Items Older Than: Shows how many items have been downloaded to users” 
GroupWise Caching or Remote mailboxes that are older than the number of days you 
specify. This does not include items that have been downloaded to non-GroupWise 
mailboxes (for example, POP and IMAP accounts). 


Items Larger Than: Shows how many items are larger than the size you specify. 

Reduce Mailbox To: Shows how many items need to be expired before the mailbox would 
be reduced to the size you specify. Older, larger items are expired before newer, smaller 
items. 

Reduce Mailbox to Limited Size: Shows how many items need to be expired before the 


mailbox is the size specified using the Disk Space Management feature under Client 
Options, as described in Section 12.3.3, “Setting Mailbox Size Limits,” on page 198. 


When items meet your selected expire criteria, they are subject to being removed from the 
mailbox when you the Expire/Reduce Messages action as described in Section 30.2, “Reducing the 
Size of User and Message Databases,” on page 425. 


5 In the Include box, select Received Items, Sent Items, Calendar Items, Only Backed-Up Items, and/or 
Only Retained Items to specify the types of items to gather statistics for. 
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The Only Backed-Up Items option interacts with the Do Not Purge Items Until They Are Backed Up 
setting under Tools > Group Wise Utilities > Client Options > Environment Options > Cleanup. If items 
are not allowed to be deleted before they are backed up, then they cannot be deleted during an 
Expire/Reduce operation. For more information. see “Environment Options: Cleanup” on 

page 1039. 


The Only Retained Items option interacts with third-party messages retention application, as 
described in Chapter 33, “Retaining User Messages,” on page 441. 


6 Usingthe tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 


“Databases” on page 452 

“Logging” on page 453 

“Results” on page 453 

“Misc” on page 453 

“Exclude” on page 454 

Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 

By default, the mailbox statistics are sent to the domain administrator, as designated in 
Section 43.7, “Notifying the Domain Administrator,” on page 682. 


7 If you want to send the statistics to one or more other users, click Results, select Individual Users, 
specify the email addresses of the users in the CC field, then click Message if you want to include 
explanatory text. 


8 Click Run to gather the mailbox statistics and email the results to the specified users. 


Reducing the Size of User and Message Databases 


When users archive and empty messages in their mailboxes, the messages are marked for removal 
from the database (“expired”), but the disk space that the expired messages occupied in the 
databases is retained and used again for new messages. As a result, archiving and deleting messages 
does not affect the overall size of the databases. 


The Expire/Reduce Messages option of Mailbox/Library Maintenance enables you to expire 
additional messages and reduce the size of the databases by reclaiming the free space in the 
databases that is created when messages are expired. You can expire/reduce messages for one or 
more users or resources, or for all users and resources in one or more post offices. You should inform 
users before you run this process so they have a chance to archive or delete messages. Unread 
messages are not expired. 


1 In ConsoleOne, browse to and select one or more User or Resource objects to expire/reduce 
messages for the selected users and resources. 
Or 


Browse to and select one or more Post Office objects to expire/reduce messages for all users and 
resources in each selected post office. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: 


Post Offices X |ExpireReduce Messages 
ovo meri 


C Object Type 


Options file: <default> 


Ls} 


Close 
C 


Retrieve... 


[V items older than 


a 
= 


Save... 


w 
E) 


IV Downloaded items older than 


[items larger than Help 


[V Trash older than 


a 
= 


I Reduce mailbox to 


Lel» Lalo lal» Lal» Lal» 


I Reduce mailbox to limited size 
Include 
[V Received items 
JV Sent items 
IV Calendar items 
I Only backed-up items 
T Only retained items 


Databases | Logging | Resuits | Misc | Exclude | 


3 From the Action drop-down menu, select Expire/Reduce Messages. 


4 Click Reduce Only to delete items that have already expired (that is, items that have been 
archived or deleted by users). 


or 


Click Expire and Reduce to expire items in addition those that users have already archived or 
deleted, based on the criteria you select. 


Expire and Reduce: Select one or more of the following: 


+ 


+ 


Items Older Than: Expires items that are older than the number of days you specify. 


Downloaded Items Older Than: Expires items that have been downloaded to users” 
GroupWise Caching or Remote mailboxes that are older than the number of days you 
specify. It does not expire items that have been downloaded to non-GroupWise mailboxes 
(for example, POP and IMAP accounts). 


Items Larger Than: Expires items that are larger than the size you specify. 


Trash Older Than: Expires items in the Trash that are older than the number of days you 
specify. 

Reduce Mailbox To: Expires items until the mailbox is reduced to the size you specify. 
Older, larger items are expired before newer, smaller items. 


Reduce Mailbox to Limited Size: Expires items until the mailbox is the size specified using 
the Disk Space Management feature under Client Options, as described in Section 12.3.3, 
“Setting Mailbox Size Limits,” on page 198. 


5 Inthe Include box, select Received Items, Sent Items, Calendar Items, Only Backed-Up Items, and/or 
Only Retained Items. You might want to notify users of the types of items that will be deleted. 


The Only Backed-Up Items option interacts with the Do Not Purge Items Until They Are Backed Up 
setting under Tools > Group Wise Utilities > Client Options > Environment Options > Cleanup. If items 
are not allowed to be deleted before they are backed up, then they cannot be deleted during an 
Expire/Reduce operation. For more information. see “Environment Options: Cleanup” on 

page 1039. 
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The Only Retained Items option interacts with third-party messages retention application, as 
described in Chapter 33, “Retaining User Messages,” on page 441. 


6 Usingthe tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 
“Exclude” on page 454 
Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 
7 Click Run to perform the Expire/Reduce Messages operation. 


For additional disk space management assistance, see Section 12.3, “Managing Disk Space Usage in 
the Post Office,” on page 196. 


30.3 Reclaiming Disk Space in Domain and Post Office 
Databases 


As you add information to your system, the domain databases (wpdomain.db) and post office 
databases (wphost . db) increase in size. If you delete information, the space created in the databases 
for the information is not immediately recovered. GroupWise uses the free space before requiring 
more disk space; however, if you have deleted a large amount of information, you might want to 
reclaim unused database space. If you have frequent changes to your users, especially deletions, you 
should occasionally reclaim disk space. 


1 In ConsoleOne, browse to and select the Domain object or Post Office object where you want to 
reclaim disk space. 


2 Click Tools > GroupWise Utilities > System Maintenance. 


GroupWise System Maintenance 


C Validate Database 
C Recover Database 


© Rebuild Database 


Refresh Views 


Description: 
Reclaiming space may reduce the size ofthe database by 
eliminating any unused space. 


3 Select Reclaim Unused Space, then click Run. 


4 When prompted, make sure the Path to Database is correct. If an incorrect path is displayed, 
browse to and select the path to the database where you want to reclaim disk space. Click OK. 
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30.4 


30.4.1 


Reducing the Size of Libraries and Document Storage 
Areas 


The amount of disk space you allow at each post office for your library databases varies according to 
the GroupWise features they use. 


If you are using GroupWise Document Management Services, you must determine storage 
reguirements for your documents. If you feel your current disk space usage by documents is not 
representative of your long-term reguirements, you can estimate the disk space users need for 
documents by multiplying an average document size by the average number of documents per user 
by the total number of users in the post office. 


For example, the typical document size is 50 KB. Each user owns about 50 documents and there are 
100 users on your post office. 


Sample Calculation: 


50 KB (document size) 
x 50 documents (per user) 
x 100 users 


2.5 GB of disk space 


Be sure to allow your libraries room to grow. 


When room to grow is no longer available, the following tasks help you make the best use of 
available disk space: 


+ Section 30.4.1, “Archiving and Deleting Documents,” on page 428 
+ Section 30.4.2, “Deleting Activity Logs,” on page 429 


See also Section 23.4.2, “Backing Up and Restoring Archived Documents,” on page 383. 


Archiving and Deleting Documents 


Documents can be archived, retained indefinitely, or simply deleted. The document type property 
determines a document's disposition (archive, delete, or retain). The document life property 
determines when it can be archived or deleted. When you run the Archive/Delete Documents option of 
Mailbox/Library Maintenance, documents in the selected libraries that have reached their document 
life dates are either deleted or archived. 


Documents that have reached their document life and been marked for deletion in the document type 
are simply deleted from the library, after which the document and its property information can no 
longer be found by any search. You can recover deleted documents from database backups. 


When documents are archived, their BLOBs are moved to archive directories. These directories are 
named arnnnnnn (Where nnnnnn is an incremented integer with leading zeros), and are 
automatically created as needed. They are sometimes referred to as archive sets. The archive 
directories are located at post office directory\gwdms\1ib01-FFr\archive. When a document is 
archived, GroupWise determines if the document BLOB fits in the current archive directory. If the 
BLOB does not fit, another archive directory is created and the BLOB is archived there. 


To archive/delete documents from one library or all libraries in the selected post offices: 


1 In ConsoleOne, select one or more Library objects or Post Office objects for the documents you 
want to archive/delete. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


Novell GroupWise Mailbox/Library Maintenance 


(° GroupWiise Objects: 
Post Offices X Archive/Delete Documents 
evelopment 


Run 
Close 
Retrieve... 


Save... 
Help 


© Object Type 


Databases | Logging | Results | Misc | 


Options file: <detault> 


3 From the Action drop-down menu, select Archive/Delete Documents. 
4 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 


5 Click Run to perform the Archive/Delete Documents operation. 


30.4.2 Deleting Activity Logs 


To free up disk space by deleting the activity logs for one or more libraries: 


1 In ConsoleOne, select one or more Library objects or Post Office object where you want to delete 
activity logs. 
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2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 


KS Novell GroupWise Mailbox/Library Maintenance 


© GroupWise Objects: Action: 
Post Offices ~ Delete Activity Logs = 
Close 


Run 
Delete logs older than | 60 $| days Retrieve... 


Help 


C Object Type 


Databases | Logging | Resuts | Misc | 


Options file: <detault> 


3 From the Action drop-down menu, select Delete Activity Logs. 
4 Specify the number of days in the Delete Activity Logs Older Than field. The default is 60 days. 
5 Using the tabs at the bottom of the Mailbox/Library Maintenance dialog box, set the following 
options: 
“Databases” on page 452 
“Logging” on page 453 
“Results” on page 453 
“Misc” on page 453 


Selected options can be saved for repeated use. See “Saving Mailbox/Library Maintenance 
Options” on page 454. 


6 Click Run to delete unneeded activity logs. 
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31.1 


31.2 


Backing Up GroupWise Databases 


You should back up GroupWise databases regularly so that if a database sustains damage that cannot 
be repaired using the GroupWise database maintenance tools, you can still recover with minimum 


data loss. 


Use your backup software of choice to back up GroupWise databases to a secure location. Fora list of 
compatible products, see the Partner Product Guide (http://www.novell.com/partnerguide). You can 


also use the GroupWise Database Copy utility (DBCopy) and the GroupWise Time Stamp utility 
(GWTMSTMP) to assist with backups. For details about how to use these utilities, see Section 34, 
“Stand-Alone Database Maintenance Programs,” on page 447. 

+ Section 31.1, “Backing Up a Domain,” on page 431 

+ Section 31.2, “Backing Up a Post Office,” on page 431 

+ Section 31.3, “Backing Up a Library and Its Documents,” on page 432 

+ Section 31.4, “Backing Up Individual Databases,” on page 432 


Backing Up a Domain 


All critical domain-level information is stored in the domain database (wpdomain. db). Use your 
backup software of choice to back up each domain database to a secure location. If your backup 
software cannot handle open files, stop the MTA for the domain while the backup of the domain 
database takes place or copy the domain directory to a temporary location and back up the static 
copy. 


See also Section 32.1, “Restoring a Domain,” on page 433. 


Backing Up a Post Office 


Critical post office-level information is stored in many different databases. The table below 
summarizes the databases and their locations: 


Database Location 

wphost . db \post_office directory 

ngwguard.db \post_office directory 

msgnnn.db \post_office_directory\ofmsg 
userxxx.db \post office directory\ofuser 
puxxxxx.db \post office directory\ofuser 

*.idx and *.inc \post_ office directory\ofuser\index 
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31.4 


Database Location 

fdo-F6 \post office directory\offiles 

dmsh.db \post_office_directory\gwdms 

dmxxnn01-FF.db \post_office_directory\gwdms\1ib0000-FF 

fd0-FF \post_ office directory\gwdms\1ib0000-FF\docs 

*.idx and *.inc \post_ office directory\gwdms\1ib0000-FF\index 

To view a post office directory structure diagram, see “Post Office Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. 


Use your backup software of choice to back up all databases in each post office to a secure location. If 
your backup software cannot handle open files, stop the POA for the post office while the backup of 
the domain database takes place or copy the post office directory to a temporary location and back up 
the static copy. 


See also Section 32.2, “Restoring a Post Office,” on page 433. 


Backing Up a Library and Its Documents 


If the document storage area for a library is physically located in a post office, the library and 
documents are backed up along with the rest of the data in the post office. However, document 
storage areas are freguently located outside of the post office directory structure because of disk 
space considerations. Therefore, remote document storage areas must be backed up separately. A 
post office can have multiple libraries and each library can have multiple document storage areas, so 
make sure you have identified all document storage areas in your library/document backup 
procedure. 


After you have initially performed a full backup of your document storage areas, you can perform 
incremental backups by backing up to the same location to shorten the backup process. 


To ensure consistency between the backups of post office databases and document storage areas: 


1 Use your backup software of choice to back up your document storage areas. 
2 Back up the post office, as described in Section 31.2, “Backing Up a Post Office,” on page 431. 


3 Perform an incremental backup of your document storage areas to pick up all new documents 
and document modifications that occurred while backing up the post office. 


You should need to restore data in a document storage area only if files have been damaged or 
become inaccessible due to a hard disk failure. 


See also Section 32.3, “Restoring a Library,” on page 434. 


Backing Up Individual Databases 


If you need to back up individual databases separately from backing up a post office, you can use 
your backup software of choice. 


See also Section 32.4, “Restoring an Individual Database,” on page 434. 
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Restoring Group Wise Databases from 
Backup 


Database damage can usually be repaired using the database maintenance tools provided with 
GroupWise. Only very occasionally should you need to restore databases from backup. 

+ Section 32.1, “Restoring a Domain,” on page 433 

+ Section 32.2, “Restoring a Post Office,” on page 433 

+ Section 32.3, “Restoring a Library,” on page 434 

+ Section 32.4, “Restoring an Individual Database,” on page 434 

+ Section 32.5, “Restoring Deleted Mailbox Items,” on page 435 

+ Section 32.6, “Recovering Deleted Group Wise Accounts,” on page 438 


32.1 Restoring a Domain 


Typically, damage to the domain database (wpdomain . db) can be repaired using the database 
maintenance tools provided in ConsoleOne, as described in Chapter 26, “Maintaining Domain and 
Post Office Databases,” on page 401. 


If damage to the domain database is so severe that rebuilding the database is not possible: 


1 Stop the MTA for the domain. 


2 Use the backup software for your platform, as listed in Section 31.1, “Backing Up a Domain,” on 
page 431, to restore the domain database into the domain directory. 


3 Restart the MTA for the domain. 


4 To update the restored domain database with administrative changes made since it was backed 
up, synchronize the restored domain database with the primary domain database, as described 
in Section 29.4, “Synchronizing a Secondary Domain,” on page 421. 


If the restored domain database is for the primary domain, see Section 29.5, “Synchronizing the 
Primary Domain from a Secondary Domain,” on page 422. 


32.2 Restoring a Post Office 


Typically, damage to databases in a post office can be repaired using the database maintenance tools 
provided in ConsoleOne or using GroupWise Check (GWCheck). See Chapter 26, “Maintaining 
Domain and Post Office Databases,” on page 401, Chapter 27, “Maintaining User/Resource and 
Message Databases,” on page 409, and Section 34.1, “GroupWise Check,” on page 447. 


If damage to the post office was so severe that rebuilding databases is not possible: 


1 Stopthe POA forthe post office. 
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32.3 


32.4 


2 Usethe backup software for your platform, as listed in Section 31.2, “Backing Up a Post Office,” 
on page 431, to restore the various databases into their proper locations in the post office 
directory. 


3 Time-stamp the restored user databases so that old items are not automatically purged during 
nightly maintenance: 


ga In ConsoleOne, browse to and select the Post Office object, then click Tools > GroupWise 
Utilities > Backup/Restore Mailbox. 


3b Onthe Backup tab, select Restore, then click Yes. 


4 To update the restored post office database (wphost . db) with the most current information 
stored in the domain database, rebuild the post office database, as described in Section 26.3, 
“Rebuilding Domain or Post Office Databases,” on page 405. 


5 To update other restored databases such as user databases (userxxx. db) and message databases 
(msgnnn.db) with the most current information stored in other post offices, run Analyze/Fix 
Databases with Contents selected, as described in Section 27.1, “Analyzing and Fixing User and 
Message Databases,” on page 409. 


6 Restart the POA for the post office. 


Restoring a Library 


Typically, damage to library databases (dmsh. db and others) can be repaired using the database 
maintenance tools provided in ConsoleOne or using GroupWise Check (GWCheck). See Chapter 28, 
“Maintaining Library Databases and Documents,” on page 415 and Section 34.1, “GroupWise 
Check,” on page 447. 


If damage to the library is so severe that rebuilding databases is not possible: 


1 Stop the POA that services the library. 


2 Use the backup software for your platform, as listed in Section 31.3, “Backing Up a Library and 
Its Documents,” on page 432, to restore the library. 


3 Restart the POA. 


4 To update the restored library databases with the most current information stored in other post 
offices: 


4a In ConsoleOne, run Analyze/Fix Databases with Contents selected. 
4b Run Analyze/Fix Library. 


For more information, see Section 28.2, “Analyzing and Fixing Library and Document 
Information,” on page 416. 


Restoring an Individual Database 


Typically, damage to user and resource databases (userxxx.db) and message databases (msgnnn. db) 
can be repaired using the database maintenance tools provided in ConsoleOne or using GroupWise 
Check (GWCheck). See Chapter 27, “Maintaining User/Resource and Message Databases,” on 

page 409 and Section 34.1, “GroupWise Check,” on page 447. 


If damage to an individual database is so severe that repair is not possible: 


1 Make sure the user to whom the affected database belongs is not running the GroupWise client. 


2 Use your backup software of choice to restore the database into the proper location in the post 
office directory. 
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User databases are stored in the ofuser subdirectory in the post office. Message databases are 
stored in the ofmsg subdirectory. 


3 To update the restored database with the most current information available, run Analyze/Fix 
Databases with Contents selected, as described in Section 27.1, “Analyzing and Fixing User and 
Message Databases,” on page 409. 


32.5 Restoring Deleted Mailbox Items 


With proper planning, you can assist users in retrieving accidentally deleted items and items that 
became unavailable because of database damage. 

+ Section 32.5.1, “Setting Up a Restore Area,” on page 435 

+ Section 32.5.2, “Restoring a User’s Mailbox Items,” on page 437 

+ Section 32.5.3, “Letting Client Users Restore Their Own Mailbox Items,” on page 437 


NOTE: Setting up a restore area enables users to restore deleted mailbox items (messages, 
appointments, tasks, and so on), but not deleted contacts (entries in Contacts folders and personal 
address books). 


32.5.1 Setting Up a Restore Area 


A restore area is only as useful as the post office data that is backed up regularly. Make sure you are 
backing up every GroupWise post office regularly, as described in Section 31.2, “Backing Up a Post 
Office,” on page 431. 


A restore area is a location you designate to hold a backup copy of a post office so that you or 
GroupWise Windows client users can access it to retrieve mailbox items that are unavailable in your 
live GroupWise system. 


To set up a restore area: 


1 Create a backup copy of the post office directory for users to access as a restore area. 


The name of the restore area directory must follow the same conventions as a post office 
directory, as described in Section 11.2.5, “Deciding Where to Create the Post Office Directory,” 
on page 177. 


2 In ConsoleOne, click Tools > Group Wise System Operations > Restore Area Management. 


Restore Area Directory Management 


Restore Area Directories: 
Name UNC Path 
Dev Restore Area WIBD-Wigwsystemidevrest 


FE 
JEEN 
Help 


Description: 
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The Restore Area Directory Management dialog box lists any restore areas that currently exist in 
your GroupWise system. 


3 Click Create to set up a new restore area. 


KS Edit Backup/Restore Area 


Identification | Membership | 


Name: 
I 


Description: 


Location 
UNC Path: 


AppleTalk Path (optional): 


Linux Path (optional): 


osas 


4 Onthe Identification tab, specify a unique name for the new restore area. If desired, provide a 
lengthier description to further identify the restore area. 


You can set up one restore area per post office. 
5 Inthe UNC Path field, browse to and select the directory that you created in Step 1. 


6 (Conditional) For a restore area on Linux, specify the full path to the directory that you created 
in Step 1 inthe Linux Path field in Linux path format, so that the Linux POA can locate the 
restore area. 


ConsoleOne needs the UNC path in order to locate the restore area from its viewpoint on the 
network, and the Linux POA needs the Linux path in order to locate the restore area from its 
viewpoint on the Linux server. 


7 Click Membership. 


Edit Backup/Restore Area 


Identification Membership | 


Post Office: Object ID 


Development 


EN 


OK | Cancel | Help 


8 Click Add, select the post office, or one or more individual users in the post office, that need 
access to the new restore area, then click OK to add them to the membership list. 


9 When the membership list is complete, click OK to create the new restore area. 


If you display the Post Office Settings page for a post office that has a restore area assigned to it, 
you see that the Restore Area field has been filled in. 
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32.9.2 


32.9.3 


10 Usethe backup software for your platform, as listed in Section 31.2, “Backing Up a Post Office,” 
on page 431, to restore a backup copy of the post office into the restore area. 


11 Grantthe POA the following rights to the restore area: 


Linux: 755 


Windows: Change 


12 (Conditional) For a restore area on Windows, if the restore area is located on a different server 
from where the post office directory is located, provide the POA with a user name and password 
for logging in to the remote server. 


You can provide that information using the Remote User Name and Password fields on the Post 
Office object’ s Post Office Settings page, or using the /user and /password startup switches. 


13 Continue with Section 32.5.2, “Restoring a User's Mailbox Items,” on page 437 or Section 32.5.3, 
“Letting Client Users Restore Their Own Mailbox Items,” on page 437 as needed. 


Restoring a User’s Mailbox Items 


After you have set up a restore area and placed a backup copy of a post office into it, you can restore 
a user's mailbox items for the user. 
1 In ConsoleOne, browse to and select a User object for which you need to restore mailbox items. 
2 Click Tools > GroupWise Utilities > Backup/Restore Mailbox. 


The Restore tab is automatically selected for you, with the restore area and directory location 
displayed for verification. 


Backup/Restore Mailbox 


Object: Provo1.Development.mpalu 
Restore Area: Dev Restore Area 
Path: JBD-Wgwsystemidevrestore 


Restore all messages for this user? 


3 Click Yes to restore the selected user's mailbox items into his or her mailbox. 
4 Notify the user and explain the following about the restored items: 
+ The user might want to manually delete unwanted restored items. 


+ The user should file or archive the items that he or she wants within seven days. After seven 
days, unaccessed items are deleted after the amount of time allowed by existing auto-delete 
settings, as described in “Environment Options: Cleanup” on page 1039. If auto-deletion is 
not enabled, the restored items remain in the mailbox indefinitely. 


Letting Client Users Restore Their Own Mailbox Items 


After you have setup a restore area and given client users access to it, users can selectively restore 
individual items into their mailboxes. This saves you the work of restoring mailbox items for users 
and it also saves users the work of deleting unwanted restored items. 


In the backup copy of a mailbox, only items that are different from the live mailbox are displayed. If 
the backup mailbox looks empty, it means that it matches the contents of the live mailbox. 
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After a restore area has been setup: 


1 Inthe GroupWise client, click File > Open Backup. 

2 (Conditional) If you are prompted: 
2a Inthe Restore From field, browse to and select the restore area directory. 
2b Inthe Password field, type your GroupWise password. 
2c Click OK to access the backup copy of your mailbox. 

3 Retrieve individual items as needed. 


The backup copy of your mailbox offers basic features such as Read, Search, and Undelete so 
that you can locate and retrieve the items you need. 


4 When you are finished restoring items to your live mailbox, click File > Open Backup again to 
remove the check mark from the Open Backup option and return to your live mailbox. 


32.6 Recovering Deleted GroupWise Accounts 


If you have a reliable backup procedure in place, as described in Chapter 31, “Backing Up 
GroupWise Databases,” on page 431, you can restore recently deleted GroupWise user and resource 
accounts. 


1 Make available a backup copy of a domain database (wpdomain.db) where the deleted 
GroupWise account still exists. 


2 In ConsoleOne, click Tools > GroupWise Utilities > Recover Deleted Account. 


Recover GroupWise Account 


Recover GroupWise Account 


This advisor helps you recover a deleted GroupWise account 
from a backup copy of the GroupWise directory (primary domain 
database). 

Once the account has been recovered, you can use the 
Backup/Restore Mailbox utility ta restore the contents of the 
mailbox from your backup system. 


Backup Domain Path: 


Account To Restore: 


Cancel Help 


3 Browse to and select the backup copy of the domain database. 


4 Select the user or resource that you need to recover the account for. 
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5 Click Next. 


KS Recover GroupWise Account 


Additional Information 


Additional information for account: Provo2.Sales.smurphy 


Novell. 


Some of the information below will not be added to the account 
at this time but can be added manually after the account has 
been recovered. 


Custom Index Flag 1 a 
Source Post Office Finance 

Source Domain Waltham1 

Visibilty System 

Total Mailbox tem Count 0 

Type User 

Subtotal 0 

Object ID Smurphy 

Family 4 

Last Move Modification Time Tuesday, February 7 
4 b 


Save to clipboard 
« Back Cancel Help 


6 If desired, click Save to Clipboard, paste the information into a file, then save or print it. 
7 Click Next. 


Recover GroupWise Account 


Summary 


The following account will be restored to the location listed: 


Novell. 


GroupWise Account ID: Provo2.Sales.smurphy 

Surname: Murphy 

Given Name: Samantha 

GroupWise File ID: ank 

GUID: 08F07740-020C-0000-B7C7-8D00C 
Visibility: 2 

eDirectory Tree: CORP TREE 

eDirectory Context: Users.Docdev.Novell 


To restore the account, click Finish. 


< Back 


8 Click Finish. 


10 


At this point, you have restored the user's or resource’s GroupWise account into the GroupWise 
system. However, this does not restore ownership of resources, nor does the account's mailbox 
contain any item at this point. 


If the restored user owned resources, manually restore the ownership, as described in 
Section 16.2, “Changing a Resource's Owner,” on page 271 


To restore the contents of the account's mailbox, follow the instructions in Section 32.5, 
“Restoring Deleted Mailbox Items,” on page 435. 
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33.1 


Retaining User Messages 


GroupWise enables you to retain user messages until they have been copied from message databases 
to another storage location. This means that a user cannot perform any action, such as emptying the 
mailbox Trash, that results in a message being removed from the message database before it has been 
copied. 


Message retention primarily consists of three activities: 1) not allowing users to remove messages 
until they have been retained, 2) retaining the messages by copying them from message databases to 
another location, and 3) time-stamping the retained messages so that they can be subseguently 
deleted. 


GroupWise supplies the ability to not allow users to remove messages until they have been retained. 
It also provides methods for message retention applications to securely access user mailboxes and 
copy messages. However, it does not provide the message retention application. You must develop or 
purchase a third-party (non-GroupWise) application that performs this service. 


+ Section 33.1, “How Message Retention Works,” on page 441 
+ Section 33.2, “Acguiring a Message Retention Application,” on page 443 
+ Section 33.3, “Enabling Message Retention,” on page 444 


How Message Retention Works 


To understand how message retention works, you need to understand what GroupWise does and 
what the message retention application does, as explained in the following sections: 


+ Section 33.1.1, “What GroupWise Does,” on page 442 
+ Section 33.1.2, “What the Message Retention Application Does,” on page 443 
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33.1.1 


What GroupWise Does 


During installation of the message retention application, the application uses the GroupWise Trusted 
Application API to create a trusted application record in the GroupWise system. The trusted 
application record includes a flag that designates it as a message retention application. This flag is 
accessed through the trusted application’s Provides Message Retention Service setting in ConsoleOne 
(Tools > GroupWise System Operations > Trusted Applications > Edit). 


| Cte Application xi 
Name: Message Retention Service 


Description: | 


TCP/IP Address: Z| 
M Requires SSL 
T Provides Message Retention Service 

4 


s 55L 


Cancel | Help | 


When ConsoleOne reads a trusted application record that has the Provides Message Retention 
Service setting turned on, it adds a Retention tab to the GroupWise Client Environment Options (Tools 
> GroupWise Utilities > Client Options > Environment). 


G Environment Options: Development xÍ 
General | Client Access | Views | File Location 
Novell vibe | Tutorial | Address l Conferencing | Reply Format 


Cleanup | Appearance | Junk Mail | Calendar 


JF Enable Message Retention Service x | 


p Description: 


Restore Default Settings 


Cancel | Help 


You use this Retention tab to enable message retention at the domain, post office, or user level, 
meaning that you can enable it for all users in a domain, all users in a post office, or individual users. 


Turning on message retention alters the GroupWise client purge behavior by preventing a user from 
purging any messages from his or her mailbox that have not yet been retained. 
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33.1.2 What the Message Retention Application Does 


Different message retention applications might vary slightly in their approach to retaining messages. 
This section provides a general approach to message retention. 


To determine whether or not mailbox messages have been retained, the message retention 
application adds a time stamp to the mailbox. The message retention application can use the 
GroupWise Object API or GroupWise IMAP support to write (and read) the time stamp. In addition, 
you can use the GroupWise Time Stamp Utility (page 457) to manually set the time stamp. 


The time stamp represents the most recent date and time that message retention was completed for 
the mailbox. Messages delivered after the time stamp cannot be purged until they have been 
retained. This reguires that the message retention application retain items chronologically, oldest to 
newest. For example, assume a mailbox has a message retention time stamp of May 7, 2012 12:00:00. 
The mailbox has three folders with a total of seven messages: 


ES Folder 1 

(7 Message 1 May 5, 2012 10:03:00 
Message 2 May 7, 2012 15:22:00 
Message 3 May 6, 2012 18:54:00 
ES Folder 2 

[5 Message 4 May 7, 2012 8:34:00 
G Message5 May 7, 2012 16:59:00 
ti Folder 3 

À Message 6 May 6, 2012 14:23:00 
A Message? May 9, 2012 11:31:00 


The message retention application reads the existing time stamp (May 7, 2012 12:00:00) and selects a 
time between that time and the current time. For example, suppose the current time is May 9, 2012 
14:00:00. The message retention application could choose May 8, 2012 12:00:00 as the new time stamp. 
It would then retain any messages delivered between the existing time stamp (May 7, 2012 12:00:00) 
and the new time stamp (May 8, 2012, 12:00:00). 


In the above example, messages 1, 4, and 6 are older than the existing time stamp (May 7, 2012 
12:00:00). The message retention application would not retain these messages again, assuming that 
they had already been safely retained. Messages 2 and 5 have dates that fall between the existing time 
stamp (May 7, 2012 12:00:00) and the new time stamp (May 8, 2012, 12:00:00) so they would be 
retained. Messages 3 and 7 have dates that fall after the new time stamp (May 8, 2012, 12:00:00) so 
they would not be retained until the next time the message retention application ran against the 
mailbox. 


Optionally, the message retention service can be associated with an archive service. For more 
information, see Section 4.2.7, “Archive Service Settings,” on page 77. 


33.2 Acquiring a Message Retention Application 


If you do not already have a message retention application to use with GroupWise, you have two 
options: 1) you can purchase an application from a GroupWise partner or 2) you can develop your 
own application. 


For information about GroupWise partners that provide message (email) retention applications, see 
the Partner Product Guide (http://www.novell.com/partnerguide). 


For information about developing a message retention application, see the GroupWise Object API and 
GroupWise Trusted Application API documentation at the Novell Developer Kit Web site (http:// 
developer.novell.com/wiki/index.php/Category:Novell_Developer_Kit). 
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33.3 Enabling Message Retention 


This section assumes that you have installed a message retention application as a GroupWise trusted 
application and that it is configured to provide a message retention service. If not, see Section 4.12, 
“Trusted Applications,” on page 90. 


Message retention is not enabled until you designate the users whose messages you want retained by 
the application. You can designate users at the domain level, post office level, or individual user level. 


1 In ConsoleOne, right-click the domain, post office, or user for which you want to enable message 
retention, click GroupWise Utilities > Client Options to display the GroupWise Client Options 
dialog box. 


GroupWise Client Options x| 


$ % O 


Environment Send Documents 
Security Calendar 


Close | Help 


2 Click Environment to display the Environment Options dialog box, then click the Retention tab. 


Environment Options: Development 1 x| 
General | Client Access | Views | File Location 
Novell Vibe | Tutorial | Address Book | Conferencing | Reply Format 
Cleanup | Appearance | Junk Mail | Calendar 


F Enable Message Retention Service "Y | 


- Description: 


3 Turn on the Enable Message Retention Service setting. 
4 If you want to lock the setting at this level, click the Lock button. 


For example, if you lock the setting at the domain level, the setting cannot be changed for any 
post offices or users within the domain. If you lock the setting at the post office level, it cannot be 
changed individually for the post office's users. 
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This setting does not display in the GroupWise client. Therefore, there is no lock available when 
editing this setting for individual users. 


5 Click OK to save the changes. 
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Stand-Alone Database Maintenance 
Programs 


Some aspects of GroupWise database maintenance are performed by stand-alone maintenance 
programs that can be incorporated into batch files along with other system maintenance programs. 
+ Section 34.1, “GroupWise Check,” on page 447 
+ Section 34.2, “Group Wise Time Stamp Utility,” on page 457 
+ Section 34.3, “GroupWise Database Copy Utility” on page 463 


34.1 GroupWise Check 


GroupWise Check (GWCheck) is a tool provided for GroupWise to check and repair GroupWise user, 
message, library, and resource databases without using ConsoleOne. In addition to checking post 
office, user, and library databases, it also checks users’ remote, caching, and archive databases. 


The GWCheck utility runs on Linux and Windows. You should match the platform of GWCheck to 
the platform where the databases are located. Linux GWCheck processes databases on Linux. 
Windows GWCheck processes databases on Windows. 


IMPORTANT: GWCheck should not be used to process databases that are located across a network 
connection between different machines. 


+ Section 34.1.1, “GWCheck Functionality,” on page 447 

+ Section 34.1.2, “Using GWCheck on Windows,” on page 449 

+ Section 34.1.3, “Using GWCheck on Linux,” on page 450 

+ Section 34.1.4, “Performing Mailbox/Library Maintenance Using GWCheck,” on page 452 
+ Section 34.1.5, “Executing GWCheck from a Windows Batch File,” on page 454 

+ Section 34.1.6, “Executing GWCheck from a Linux Script,” on page 455 

+ Section 34.1.7, “GWCheck Startup Switches,” on page 455 


34.1.1 GWCheck Functionality 


The GWCheck utility begins by comparing three databases. 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 

The post office database The guardian database The file system for this post office is 
(wphost . db) is checked for (ngwguard. db) is checked to find checked to see if the user database 
the file ID (FID) of the selected out if this user database has been (userxxx. db) for this user exists. 
user. created. 
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After GWCheck makes the database comparisons, it begins processing according to the databases 
selected and any inconsistencies found. 


Case 1 - Missing Entry in the Post Office Database (wphost.db) 


In this example, a contents check is run either against all users on the post office or against one user, 
“ABC.” GWCheck does not find the FID of one or more users. 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 

? userabc.db userabc.db 

No entry for this user is found in the An entry is found in the guardian Also, a user database 

post office database (wphost.db). database (ngwguard. db), indicating (userxxx. db) for this user is 
that the user has been deleted. found in the ofuser directory. 


GWCheck removes the entry from ngwguard.db, deletes userabc . db, and systematically deletes all 
of the user’s messages from the message databases that are not still being referenced by other users. If 
the user has been deleted, GWCheck cleans up after that user. 


WARNING: If a post office database becomes damaged so some users are unable to log in, GWCheck 
should not be run until the post office has been rebuilt. For more information, see Section 26.3, 
“Rebuilding Domain or Post Office Databases,” on page 405. 


Case 2 - Missing Entry in the Guardian Database (ngwguard.db) 


In this example, a GWCheck is run either against all users on the post office or against one user, 
“ABC.” A user’s FID is found and the user’s database is found in the post office, but the user is 
missing in ngwguard. db. 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 

FID abc ? userabc.db 

The user appears in the post office The guardian database A user database (userxxx.db) for 

database (wphost . db). (ngwguard.db) shows no user the user does exist in the ofuser 
database for this user. directory. 


GWCheck creates the user in ngwguard. db, using database userabc.db. Even if ngwguard. db is 
damaged, it is unlikely that data is lost. 


Case 3 - Missing User Database (userxxx.db) 


In this example, a GWCheck is run either against all users on the post office or against one user, 
“ABC.” The user's FID is found, as well as the user's record in ngwguard.db. However, the user's 
database is not found. 


WPHOST.DB NGWGUARD.DB FILE SYSTEM 

FID abc userabc.db ? 

The user is found in the post office The user is found in the guardian No user database (userxxx. db) 
database (wphost . db). database (ngwguard. db). is found in the ofuser directory. 
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GWCheck takes action depending on what options are selected. 


Contents Check: GWCheck deletes all of this user’s messages from the message databases if they are 
not referenced by other users. 


Structural Rebuild: GWCheck creates a blank user database for this user. Existing messages for this 
user are ignored. 


Re-create User Database: GWCheck creates a blank user database for this user and populates it with 
messages in the message databases that have been sent to or from this user. 


WARNING: If a user database has been deleted, do not run a Contents Check until after a Structural 
Rebuild or Re-create User Database has been run for that user. For more information, see Section 27.2, 
“Performing a Structural Rebuild of a User Database,” on page 411 and Section 27.3, “Re-creating a 
User Database,” on page 412. 


Using GWCheck on Windows 


You can use GWCheck on any Windows XP/Vista/7 workstation or Windows 2003/2008 server. 


As an administrator, you can run GWCheck for databases in any post office accessible from the 
workstation where GWCheck is installed. The GWCheck program performs all database 
maintenance itself, rather than handing off a task to the POA as ConsoleOne would do to perform 
database maintenance. 


Depending on how GWCheck is installed, users can have a Repair Mailbox item on the GroupWise 
Windows client Tools menu that enables them to run GWCheck from the client. If the GWCheck 
program is available to users, users can perform database maintenance on their Remote, Caching, 
and archive mailboxes, which are not accessible from ConsoleOne. 


For the Repair Mailbox item to display on the GroupWise Windows client Tools menu, the following 
files must be installed in the GroupWise software directory; by default, this is c: \Program 
Files\Novell\GroupWise. 


+ gwcheck.exe 

+ gwchkxx.d11 (Replace xx with your language code) 

+ gwchkxx. chm (Replace xx with your language code) 
The GroupWise administrator can install these files by using SetupIP to install the GroupWise 
Windows client, and selecting to install and enable GWCheck. The default for SetupIP is to install 


GWCheck, but not enable GWCheck. The files are then copied to the \novell\groupwise\gwcheck 
directory. For additional information about SetupIP and GWCheck, see “[GWCheck]” on page 1078. 


If the client was installed using the GroupWise Windows client Setup program or the defaults are 
chosen for SetupIP, the client user needs to copy the files from the GWCheck directory 
(\novell\groupwise\gwcheck) to the main GroupWise directory (\novell\groupwise). 
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To run GWCheck: 
1 From the Start menu, click Run, then browse to and double-click gwcheck . exe. 


£^ GroupWise Mailbox/Library Maintenance 8.0.0 (8/22/2008) 


Database Type Action: 
© Post Office | Analyze/Fix Databases 
O Remote/Caching 


M Structure 
O Archive 


C Index Check 


Database Path: CO Contents 


Save... 


Post Office Name: 


Fix problems 
Object Type 


© Post Office 


Update user disk space totals 


O User/Resource: 


A 


O Library: 


| Databases | Logging | Results | Misc | Exclude 


User 


Message 


Options file: <default> 


Document 


2 To view online help in GWCheck, click Help. 


3 Continue with Section 34.1.4, “Performing Mailbox/Library Maintenance Using GWCheck,” on 
page 452. 


34.13 Using GWCheck on Linux 


Two versions of GWCheck are available on Linux, one for a graphical user interface (GUI) 
environment and one for a text-only environment. 


+ “Using GUI GWCheck (gwcheck)” on page 450 
+ “Using Text-Based GWCheck (gwcheckt)” on page 451 


Using GUI GWCheck (gwcheck) 


1 Change to the directory where the GWCheck RPM is located or copy it to a convenient location 
on your server. 


The GWCheck RPM (groupwise-gwcheck-groupwise version-build number.i586.rpm) is 
located in the /admin directory in your GroupWise software distribution directory if it is has 
been updated, or in the downloaded GroupWise 2012 software image. 


2 Install GWCheck. 
rpm -i groupwise-gwcheck-groupwise version-build number.i386.rpm 


3 Change to the /opt/novell/groupwise/gwcheck/bin directory. 
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4. Enter . /gwcheck to start GWCheck. 


ce Novell GroupWise Mailbox/Library Maintenance —0X 
Database Type Action: 
A Run 
Analyze/Fix Databases v 
(5 Post Office 
cl 
[9 Structure os | 
© Caching [Index check Retrieve... 
[ Contents 
C Archive [7 Collect statistics SAN 
Attachment File Check 
la Help 
F Fix problems 
[ Update user disk space totals 
Database Path 
Post Office Name A 
Object Type 
@ Post Office 
© Users/Resources Databases | Logging | Results | Mise | Exclude | 
I~ User 
© Libraries [215 
lr... FF Message 


[ Document 


Options file: <default> 


5 To view online help in GWCheck, click Help. 
6 Continue with Performing Mailbox/Library Maintenance Using GWCheck. 


Using Text-Based GWCheck (gwcheckt) 


You can use text-based GWCheck in any environment where the X Window System is not available, 
such as on a text-only server where a post office and its POA are located. However, you must use GUI 
GWCheck to create an options file before you can run text-based GWCheck. 


1 Install and run GUI GWCheck in a convenient location, as described in “Using GUI GWCheck 
(gwcheck)” on page 450. 


2 Select the maintenance activities that you want GWCheck to perform, as described in 
Section 34.1.4, “Performing Mailbox/Library Maintenance Using GWCheck,” on page 452. 


3 Save the settings you selected in an options file, as described in “Saving Mailbox/Library 
Maintenance Options” on page 454. 


The default options file name is gwcheck. opt. 
4 Copy the GWCheck RPM to a convenient location on the text-only server. 
5 Install GWCheck on the text-only server. 


rpm -i groupwise-gwcheck-version-mmdd.i386.rpm 


6 Copy the GWCheck options file you created in Step 3 to the /opt /novell/groupwise/ 
gwcheck/bin directory. 


7 Change to the /opt /novell/groupwise/gwcheck/bin directory. 
8 Enter ./gwcheckt options file name to run text-based GWCheck. 


If you did not copy the options file to your home directory on the text-only server, specify the 
full path to the options file. 
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34.1.4 


Over time, a collection of options files might accumulate. To see what maintenance activities an 
options file performs, use ./gwcheckt options file name --dump. 


To remind yourself of these options when you are at your Linux server, view the gwcheckt man page. 


Performing Mailbox/Library Maintenance Using GWCheck 


With only a few differences in interface functionality, as described in the online help, you can 
perform the same maintenance activities in GWCheck as you can in Mailbox/Library Maintenance in 
ConsoleOne: 

+ “Using Mailbox/Library Maintenance Tab Options” on page 452 

+ “Reusing Mailbox/Library Maintenance Settings” on page 454 


Using Mailbox/Library Maintenance Tab Options 


Both GWCheck and Mailbox/Library Maintenance in ConsoleOne use tab options to control the 
checking process. 

+ “Databases” on page 452 

+ “Logging” on page 453 

+ “Results” on page 453 

+ “Misc” on page 453 

+ “Exclude” on page 454 


Databases 
To select the types of database to perform the Mailbox/Library Maintenance check on, click Databases. 


Databases | Logging | Resutts | Misc | Exclude | 


V User 


[V Message 


[ Document 


Depending on the object type and action already selected in the main window, some database types 
might be unavailable. If all the database types are unavailable, then one or more database types have 
been preselected for you. 


You can perform an action on the following databases when the type is not unavailable: 


+ User: Checks the user databases. 
+ Message Databases: Checks the message databases. 


+ Document: Checks the library and document properties databases. 
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Logging 


To specify the name of the file where you want the results of the MailBox/Library Maintenance check 
to be stored, click Logging. 


Databases Logging | Resuits | Misc | Exclude | 


Log File: 


T Verbose logging 


Specify a file name. By default, the file is created in the post_office_directory \wpcsout \ ofs directory. 


Click Verbose Logging to log detailed information. Verbose logging might produce large log files and 
slow execution. 


This file is sent to the users selected on the Results tab. 
Results 
To select users to receive the results of the Mailbox/Library Maintenance check, click Results. 


Databases | Logging Results | Misc | Exclude | 


Send resuttsto: |V Administrator [ Individual users 


cc: | 


Message... 


Select Administrator to send the results to the user defined as the GroupWise domain administrator. 
Select Individual Users to send each user the results that pertain to him or her. Specify each user’s 
GroupWise user ID (mailbox ID) or email address in a comma-delimited list. Click Message to include 
a message with the results file. 


Misc 
If you need to run a Mailbox/Library Maintenance check with special options provided by Novell 
Support, click Misc. 


Databases | Logging | Results Misc | Exclude | 


Support options: 


Use the Support Options field to specify command line parameters. Support options are typically 
obtained from Novell Support representatives when you need assistance resolving specific database 
problems. Search the Novell Support Knowledgebase (http://www.novell.com/support) for TIDs and 
Support Pack Readmes that list support options. Make sure that you clearly understand what the 
Support options do before you use them. 
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Exclude 


If you want to exclude certain users in the selected post office from having the Mailbox/Library 
Maintenance check performed on their databases, click Exclude. 


Databases | Logging | Resutts | Misc Exclude | 


Add... 


ES 


Click Add, select one or more users to exclude, then click OK. 


Reusing Mailbox/Library Maintenance Settings 


For convenience, you can store the options you select in Mailbox/Library Maintenance and GWCheck 
so that you can retrieve them for later use. 

+ “Saving Mailbox/Library Maintenance Options” on page 454 

+ “Retrieving Mailbox/Library Maintenance Options” on page 454 


Saving Mailbox/Library Maintenance Options 
1 After you have selected all of the options in the Mailbox/Library Maintenance dialog box, click 
Save. 
2 Browse to the directory where you want to save the options file. 
You might want to save it in the domain directory to which you are currently connected. 
3 Specify a file name if you do not want to use the default of gwcheck . opt. 
4 Click Save. 


The GWCheck options file is created in XML format on all platforms. Therefore, you can create 
the GWCheck options file on any platform and use it on any platform interchangeably. 


Retrieving Mailbox/Library Maintenance Options 


1 In the Mailbox/Library Maintenance dialog box, click Retrieve. 
2 Browse to and select your saved option file. 
3 Click Open. 


Executing GWCheck from a Windows Batch File 


The GWCheck program is located in the \admin\utility\tools directory in your GroupWise 
software distribution directory if it has been updated, or in the downloaded GroupWise 2012 software 
image if an updated software distribution directory is not available. It might also be installed along 
with the GroupWise client software in the gwcheck subdirectory of the client installation directory. 


1 Use the following syntax to create a batch file to execute GWCheck: 


gwcheck /opt=options file /batch 
If you want to include the path to an archive database, use the /pa switch. 


2 Tocreate an options file, see “Saving Mailbox/Library Maintenance Options” on page 454. 
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34.1.7 


Executing GWCheck from a Linux Script 


The GWCheck program is located in the /admin directory in your GroupWise software distribution 
directory if it has been updated, or in the downloaded Group Wise 2012 software image if an updated 
software distribution directory is not available. 


1 Make sure that GWCheck has been installed, as described in Section 34.1.3, “Using GWCheck on 
Linux,” on page 450 


2 Create a script to execute GWCheck using the following syntax: 
/opt/novell/groupwise/gwcheck/bin/gwcheck --opt=options file --batch 


If you did not create the options file in your home directory, specify the full path to the options 
file. 


If you want to include the path to an archive database, use the --pa switch. 


3 To create an options file, see “Saving Mailbox/Library Maintenance Options” on page 454. 


GWCheck Startup Switches 


The following startup switches can be used with GWCheck: 


Linux GWCheck Windows GWCheck 


--batch /batch 
--lang /lang 
--opt /opt 
--pa /pa 
--po Ipo 
--pr lpr 
lbatch 


Indicates that you want to run GWCheck without a user interface. Because you do not provide the 
desired options from the interface, you must provide an options file. 


Linux GWCheck Windows GWCheck 


Syntax: --batch /batch 
For example, to specify that you want GWCheck to run it batch mode, you would use: 


Linux: -/gwcheck --opt=gwcheck.opt --batch 


Windows: gwcheck /opt=gwcheck.opt /batch 
lang 


Specifies the language to run GWCheck in, using a two-letter language code. You must install 
GWCheck in the selected language in order for it to display in the selected language. 
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Linux GWCheck Windows GWCheck 


Syntax: --lang=language code llang=language code 


For a list of current language codes, see Chapter 7, “Multilingual GroupWise Systems,” on page 123. 


For example, to specify that you want GWCheck to run in Spanish, you would use: 


Linux: ./gwcheck --opt=gwcheck.opt --lang=es 


Windows: gwcheck /opt=gwcheck.opt /lang=es 


lopt 
Specifies a database maintenance options file created in a GWCheck session. This starts GWCheck 


with the same options settings as the session in which the options file was created. The default 
location of the options file varies by platform: 


Linux: User's home directory 


Windows: Directory where gwcheck .exe is installed. 
If the options file is not in the default directory, you must specify the full path name. 


Linux GWCheck Windows GWCheck 
Syntax: --opt=file name lopt=file name 
For example, to start GWCheck with saved settings, you would use: 
Linux: -/gwcheck --opt=gwcheck.opt 


./gwcheck --opt=/gwsystem/post1/gwcheck .opt 


Windows: gwcheck /opt=gwcheck.opt 
gwcheck /opt=\gwsystem\post1\gwcheck. opt 


Ipa 
Specifies the path to an archive database. 


Linux GWCheck Windows GWCheck 


Syntax: --pa=path_to_archive /pa=path_to_archive 


For example, to specify the archive database that a user keeps is his or her home directory, you would 
use: 


Linux: ./gwcheck --opt=gwcheck.opt --batch --pa=/home/gsmith\of7bharc 


Windows: gwcheck /opt=gwcheck.opt /batch /pa=\home\gsmith\of7bharc 
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Ipo 


Specifies the path to a post office. 


Linux GWCheck Windows GWCheck 


Syntax: --po=path to post office /po=path to post office 
For example, to specify a post office directory, you would use: 


Linux: -/gwcheck --opt=gwcheck.opt --batch --po=/mail/sales 


Windows: gwcheck /opt=gwcheck.opt /batch /po=\mail\sales 


lpr 


Specifies the path to a Remote mailbox. 


Linux GWCheck Windows GWCheck 


Syntax: --pr=path_to_mailbox /pr=path_to_mailbox 
For example, to specify the Remote mailbox that a user keeps on a computer at home, you would use: 


Linux: ./gwcheck --opt=gwcheck.opt --pr=/novell/groupwise\of7bharc 


Windows: gwcheck /opt=gwcheck.opt /pr=\novell\groupwise\of7bhare 


34.2 GroupWise Time Stamp Utility 


You can use the GroupWise Time Stamp (GWTMSTMP) utility to ensure that GroupWise user 
databases include the dates when they were last backed up, restored, and retained. 


The following sections provide information about the utility: 


+ Section 34.2.1, “GWTMSTMP Functionality,” on page 457 

+ Section 34.2.2, “Running GWTMSTMP on Linux,” on page 458 

+ Section 34.2.3, “Running GWTMSTMP on Windows,” on page 459 
+ Section 34.2.4, “GWTMSTMP Startup Switches,” on page 459 


34.2.1 GWTMSTMP Functionality 


GWTMSTMP places date and time information on user databases (userxxx. db) in order to support 
message backup, restore, and retention. No other databases are affected. You can run GWTMSTMP 
on all user databases in a post office or on a single user database. 
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Backup 


To ensure thorough user database backups, you can make sure that deleted items are not purged 
from users’ databases until they have been backed up. Two conditions must be met in order to 
provide this level of protection against loss of deleted items: 


+ The Do Not Purge Items Until They Are Backed Up option must be selected in ConsoleOne, as 
described in “Environment Options: Cleanup” on page 1039. 


+ User databases (userxxx.db) must be time-stamped every time a backup is performed so that 
items can be purged only after being backed up. 


Restore 


The restore time stamp is not required for any Group Wise feature to work properly. Its primary 
purpose is informational. 


Retention 


If you use a message retention application, as described in Chapter 33, “Retaining User Messages,” 
on page 441, the application should automatically add the retention time stamp after retaining the 
database's messages. Any messages with dates that are newer than the retention time stamp cannot 
be purged from the database. 


You can also use GWTMSTMP to manually add a retention time stamp. 


Modified Retention 


If you use a message retention application, you might need to retain items more than once if you 
want to capture changes to personal subjects and personal attachments on items. You can use 
GWTMSTMP to manually update the retention time stamp on modified items, so that they are 
retained again. 


Running GWTMSTMP on Linux 


The GWTMSTMP executable (gwtmstmp) is installed into the bin and lib subdirectories of /opt/ 
novell/groupwise/agents along with the GroupWise agents (POA and MTA). You can copy it to 
additional locations if needed. 


To check the existing time stamp on all GroupWise user databases in a post office, use the following 
command: 


Syntax: 
./gwtmstmp -p /post_office directory 
Example: 
./gwtmstmp -p /gwsystem/acct 
The results are displayed on the screen. 
To set a current time stamp on all user databases in a post office, use the following command: 
Syntax: 


./gwtmstmp -p /post_office directory --set 
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Example: 
./gwtmstmp -p /gwsystem/acct --set 


A basic backup time stamp can also be set in ConsoleOne. Select a Post Office object, then click Tools > 
GroupWise Utilities > Backup/Restore Mailbox. On the Backup tab, select Backup, then click Yes. 


More specialized functionality is provided through additional GWTMSTMP startup switches. See 
Section 34.2.4, “GWTMSTMP Startup Switches,” on page 459. 


To remind yourself of these options when you are at your Linux server, view the gwtmstmp man 
page. 


Running GWTMSTMP on Windows 


The GWTMSTMP program file (gwtmstmp . exe) is installed into the same directory where you 
installed the GroupWise agents (POA and MTA). You can copy it to additional locations if needed. 


To check the existing time stamp on all GroupWise user databases in a post office, use the following 
command: 


Syntax: 
gwtmstmp.exe /p-drive:\post office directory 
Example: 


gwtmstmp.exe /p-m:\gwsystem\acct 
The results are displayed on the screen 
To set a current time stamp on all user databases in a post office, use the following command: 
Syntax: 
gwtmstmp.exe /p-drive:\post office directory /set 
Example: 
gwtmstmp.exe /p-m:\gwsystem\acct /set 


A basic backup time stamp can also be set in ConsoleOne. Select a Post Office object, then click Tools > 
GroupWise Utilities > Backup/Restore Mailbox. On the Backup tab, select Backup, then click Yes. 


More specialized functionality is provided through additional GWTMSTMP startup switches. 


GWTMSTMP Startup Switches 


The following startup switches can be used with GWTMSTMP: 


Linux GWTMSTMP Windows GWTMSTMP 
-p IP 

--backup or -b /backup 

--restore or -r /restore 

--retention or - n /retention 


--modifiedretention or -mn /modifiedretention 
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Linux GWTMSTMP Windows GWTMSTMP 


--get or -g /get 
--set or -S /set 
--clear or -C /clear 
--date or -d /date 
--time or -t /time 
--gmttime or -m /gmttime 
--userid or -u lu 
--userdb or -e luserdb 


-P 


Specifies the post office directory where the user databases to time-stamp are located. This switch is 
required. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: -p /post office dir Ip-drive:Wwost office dir 
Example: -p /gwsystem/dev /p-j:\dev 


--backup, --restore, --retention, and --modifiedretention 


Specifies the time stamp on which to perform the get or set operation. If no time stamp is specified, 
the operation is performed on the backup time stamp. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: --backup -b /backup 

--restore -r /restore 

--retention -n /retention 

--modifiedretention -mn /modifiedretention 


For example, to set the restore time stamp, you would use: 


Linux: ./gwtmstmp -p /gwsystem/dev --restore --set 


Windows: gwtmstmp /p-j:\dev /restore /set 


--get 


Lists existing backup, restore, and retention time stamp information for user databases. If no time 
stamps are set, no times are displayed. 
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Linux GWTMSTMP Windows GWTMSTMP 


Syntax: --get -g /get 
For example: 


Linux: ./gwtmstmp -p /gwsystem/dev --get 


Windows: gwtmstmp /p-j:\dev /get 


If no other operational switch is used, /get is assumed. The following example returns the same 
results as the above example: 


Linux: ./gwtmstmp -p /gwsystem/dev 


Windows: gwtmstmp /p-j:\dev 
--Set 
Sets the current date and time on user databases. 


Linux GWTMSTMP Windows GWTMSTMP 


Syntax: --set -S /set 
For example, to set the backup time stamp, you would use: 


Linux: ./gwtmstmp -p /gwsystem/dev --backup --set 


Windows: gwtmstmp /p-j:\dev /backup /set 
or 


Linux: ./gwtmstmp -p /gwsystem/dev --set 


Windows: gwtmstmp /p-j:\dev /set 
--Clear 
Clears existing time stamps. 


Linux GWTMSTMP Windows GWTMSTMP 


Syntax: --clear -C /clear 
For example, to clear all time stamps on databases in a post office, you would use: 


Linux: ./gwtmstmp -p /gwsystem/dev --clear 


Windows: gwtmstmp /p-j:\dev /clear 
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--date 


Specifies the date that you want placed on user databases. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: --date mmiddlyyyy -d mmiddlyyyy Idate-mm/ddlyyyy 
Example: --date 05/18/2012 -d 05/18/2012 /date-04/12/2012 


For example, to set the restore date to June 15, 2012, you would use: 


Linux: ./gwtmstmp -p /gwsystem/dev --restore --date 06/15/2012 


Windows: gwtmstmp /p-j:\dev /restore /date-06/14/2012 


--time 


Specifies the time that you want placed on user databases. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: --time hh:mm am|pm -t hh:mm am|pm /time-hh:mm am|pm 
Example: --time 2:00am -t 2:00am /time-6:15pm 


For example, to set the restore time to 4:45 p.m., you would use: 
Linux: ./gwtmstmp -p /gwsystem/dev --restore --time 4:45pm 


Windows: gwtmstmp /p-j:\dev /restore /time-4:45pm 


--gmttime 


Specifies the time in seconds since January 1, 1970, Greenwich Mean Time (GMT), that you want 
placed on user databases. 


Linux GWTMSTMP Windows GWTMSTMP 


Syntax: --gmttime seconds -m seconds /gmttime-seconds 


--userid 


Provides a specific GroupWise user ID so that an individual user database can be time-stamped. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: --userid userID -u userlD Ju-userlD 
Example: ---userid gsmith -u gsmith /u-mbarnard 
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For example, to set the retention time stamp for a user whose GroupWise user ID is mpalu, you 
would use: 


Linux: ./gwtmstmp -p /gwsystem/dev --userid mpalu --retention --set 


Windows: gwtmstmp /p-j:\dev /u-mpalu /retention /set 


--userdb 


Provides a specific GroupWise user database (userxxx. db) so that an individual user database can 
be time-stamped. 


Linux GWTMSTMP Windows GWTMSTMP 
Syntax: --userdb user database -e user database  /userdb user database 
Example: --userdb user3gh.db luserdb user3gh.db 


For example, to set the retention time stamp for a user whose user database is named user3gh, you 
would use: 


Linux: -/gwtmstmp -p /gwsystem/dev --userdb user3gh.db --retention --set 


Windows: gwtmstmp /p-j:\dev /userdb user3gh.db /retention /set 


34.3 GroupWise Database Copy Utility 


You can use the GroupWise Database Copy Utility to back up your GroupWise system if you would 
prefer not to purchase a third-party backup solution, as recommended in Chapter 31, “Backing Up 
GroupWise Databases,” on page 431. 

+ Section 34.3.1, “DBCopy Functionality,” on page 463 

+ Section 34.3.2, “Using DBCopy on Linux,” on page 464 

+ Section 34.3.3, “Using DBCopy on Windows,” on page 465 

+ Section 34.3.4, “DBCopy Startup Switches,” on page 465 


IMPORTANT: If you want to move domains and post offices from NetWare or Windows to Linux, 
see the GroupWise Server Migration Guide. The migration process includes DBCopy startup switches 
that are not described in this GroupWise 2012 Administration Guide because they are used only for 
migration. 


34.3.1 DBCopy Functionality 


The GroupWise Database Copy utility (DBCopy) copies files from a live GroupWise post office or 
domain to a static location for backup. During the copy process, DBCopy prevents the files from 
being modified, using the same locking mechanism used by other GroupWise programs that access 
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databases. This ensures that the backed-up versions are consistent with the originals even when large 
databases take a substantial amount of time to copy. DBCopy is a multi-threaded application that 
provides highly efficient copying of large guantities of data. 


DBCopy copies only GroupWise-recognized directories and files, as illustrated in “Post Office 
Directory” and “Domain Directory” in “Directory Structure Diagrams” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. DBCopy does not copy some directories: 


+ Post office queue directories (wpcsin and wpcsout): Only post office data files and directories 
are copied. Oueue directories are not copied. 
+ All domain subdirectories: Only domain files are copied. Queue directories are not copied. 


+ All subdirectories under each gateway directory in wpgate: Only gateway files are copied from 
each gateway directory. Oueue directories of gateway directories are not copied. For example, 
under gwia, gateway files are copied, but no gateway subdirectories are copied. 


When planning disk space for your backups, you should plan to have at least three times the size ofa 
post office. This accommodates the post office itself, the backup of the post office, and extra space for 
subsequent growth of the post office. 


Typically, domains grow less than post offices, so domain backups should occupy somewhat less 
disk space. 


Using DBCopy on Linux 


1 Change to the directory where the DBCopy RPM is located or copy it to a convenient location on 
your workstation. 


The DBCopy RPM (groupwise-dbcopy-version-mmdd.i386.rpm) is located in the /admin 
directory in your Group Wise software distribution directory if you have created one or in the 
downloaded GroupWise 2012 software image. 


2 Install DBCopy. 
rpm -i groupwise-dbcopy-version-mmdd.i386.rpm 
3 Change to the /opt/novell/groupwise/agents/bin directory. 
4 Use the following command to back up a post office: 
./dbcopy /post office directory /destination directory 
Or 
Use the following command to back up a domain: 
./dbcopy /domain directory /destination directory 
Or 
Use the following command to back up a remote document storage area: 
./dbcopy -b /storage area directory /destination directory 


You can include the -i switch in any of these commands to provide the date (mm-dd-yyyy) of the 
previous copy. This causes DBCopy to copy only files that have been modified since the 
previous copy, like an incremental backup. 


To remind yourself of these options when you are at your Linux server, view the dbcopy man 
page. 
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DBCopy creates a log file named mmddgwbk . nnn. The first four characters represent the date. A 
three-digit extension allows for multiple log files created on the same day. The log file is created 
at the root of the destination directory. Include the -v switch in the dbcopy command to enable 
verbose logging for the backup. 


5 After DBCopy has finished copying the post office, domain, or remote document storage area, 
use your backup software of choice to back up the static copy of the data. 


6 Afterthe backup has finished, delete the static copy of the data to conserve disk space. 


You might find it helpful to set up a cron job to run DBCopy regularly at a time of day when your 
system is not busy. 


Using DBCopy on Windows 


1 Ata command prompt, change to the directory where you installed the GroupWise agents 
(typically c:\Program Files\Novell\GroupWise Server\Agents). 


2 Use the following command to back up a post office: 


dbcopy.exe \post office directory \destination directory 


Or 


Use the following command to back up a domain: 


dbcopy.exe \domain directory \destination directory 
or 


Use the following command to back up a remote document storage area: 


dbcopy.exe /b \storage area directory \destination directory 


You can include the /i switch in any of these commands to provide the date (mm-dd-yyyy) of the 
previous copy. This causes DBCopy to copy only files that have been modified since the 
previous copy, like an incremental backup. 


DBCopy creates a log file named mmddgwbk . nnn. The first four characters represent the date. A 
three-digit extension allows for multiple log files created on the same day. The log file is created 
at the root of the destination directory. Include the /v switch in the dbcopy command to enable 
verbose logging for the backup. 


3 After DBCopy has finished copying the post office, domain, or remote document storage area, 
use your backup software of choice to back up the static copy of the data. 


4 After the backup has finished, delete the static copy of the data to conserve disk space. 


DBCopy Startup Switches 


The following startup switches can be used with DBCopy when you are preparing to back up 
GroupWise data: 


Linux Windows Explanation 
DBCopy DBCopy 


--b /b Backup of BLOB files in a document storage area 


-i li Incremental backup 
-j lj DBCopy priority control 
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-t It Number of threads 
-V N Verbose logging 
-W Iw Continuous logging to the screen 


-b 


Indicates that DBCopy is copying a document storage area, which includes BLOB (binary large 
object) files. Use this switch only when you need to copy BLOB files. 


Specifies the date of the previous copy of the data. This causes DBCopy to copy only files that have 
been modified since the previous copy, like an incremental backup. There is no default date; you 
must specify a date. 


Linux DBCopy Windows DBCopy 
Syntax: -i mm-dd-yyyy li mm-dd-yyyy 
Example: -i 5-18-2012 /i 10-30-2012 


J 
Raises the priority of DBCopy processing. By default, if DBCopy detects that a POA is running, it 
lowers its own priority so that it does not interfere with POA processing. If DBCopy runs at night, 


when GroupWise users are not active, use the -j switch so that DBCopy does not lower its own 
priority. This speeds up DBCopy processing. 


t 


Specifies the number of threads that you want DBCopy to start for copying data. The default number 
of threads is 5. Valid values range from 1 to 10. 


Linux DBCopy Windows DBCopy 
Syntax: -t number /t number 
Example: -t10 /t 10 


-V 


Specifies verbose logging, which provides more detail than the default of normal logging. DBCopy 
creates a log file named mmddgwbk . nnn. The first four characters represent the date. A three-digit 
extension allows for multiple log files created on the same day. The log file is created at the root ofthe 
destination directory. By default, DBCopy provides a normal level of logging. 
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-W 


Turns on continuous logging to the screen. 
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Post Office Agent 


+ Chapter 35, “Understanding Message Delivery and Storage in the Post Office,” on page 471 
* Chapter 36, “Configuring the POA,” on page 481 

* Chapter 37, “Monitoring the POA,” on page 525 

* Chapter 38, “Optimizing the POA,” on page 559 

* Chapter 39, “Managing Indexing of Attachment Content,” on page 573 

* Chapter 40, “Using POA Startup Switches,” on page 581 


For a complete list of port numbers used by the POA, see Section A.3, “Post Office Agent Port 
Numbers,” on page 1167. 


For detailed Linux-specific POA information, see Appendix C, “Linux Commands, Directories, and 
Files for GroupWise Administration,” on page 1179. 


For additional assistance in managing the POA, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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Understanding Message Delivery and 
Storage in the Post Office 


A post office is a collection of user mailboxes and GroupWise objects. Messages are delivered into 
mailboxes by the Post Office Agent (POA). The following topics help you understand the post office 
and the functions of the POA: 

+ Section 35.1, “Post Office Representation in ConsoleOne,” on page 471 

+ Section 35.2, “Post Office Directory Structure,” on page 472 

+ Section 35.3, “Information Stored in the Post Office,” on page 472 

+ Section 35.4, “Post Office Access Mode,” on page 476 

+ Section 35.5, “Role of the Post Office Agent,” on page 477 

+ Section 35.6, “Message Flow in the Post Office,” on page 479 


35.1 Post Office Representation in ConsoleOne 


In ConsoleOne, post offices are container objects that contain at least one POA object, as shown 
below: 
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35.3 


35.3.1 


Although each post office is linked to a domain, it does not display as subordinate to the domain in 
the Console View. However, using the GroupWise View, you can display post offices as subordinate 
to the domains to which they are linked in your GroupWise system. 
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Post Office Directory Structure 


Physically, a post office consists of a set of directories that house all the information stored in the post 
office. See “Post Office Directory” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory 
Structure. 


Information Stored in the Post Office 


The following types of information are stored in the post office: 


+ Section 35.3.1, “Post Office Database,” on page 472 
+ Section 35.3.2, “Message Store,” on page 473 
+ Section 35.3.3, “Guardian Database,” on page 474 
+ Section 35.3.4, “Agent Input/Output Queues in the Post Office,” on page 475 
+ Section 35.3.5, “Libraries (optional),” on page 476 
All databases in the post office should be backed up regularly. How often you back up GroupWise 


databases depends on the reliability of your network and hardware. See Section 31.2, “Backing Up a 
Post Office,” on page 431. 


Post Office Database 


The post office database (wphost . db) contains all administrative information for the post office, 
including a copy of the GroupWise Address Book. This information is necessary for users to send 
messages to others in the GroupWise system. 
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35.3.2 Message Store 


GroupWise messages are made up of three parts: 


+ Message Header: The message header contains addressing information including the sender’s 
address, recipient's address, message priority, status level, and a pointer that links the header to 
the message body. 


+ Message Body: The message body contains the message text in an encrypted format and a 
distribution list containing user IDs of the sender and recipients. 


+ File Attachments (optional): File attachments can be any type of file that is attached to the 
message. 


The message store consists of directories and databases that hold messages. The message store is 
shared by all members of the post office so only one copy of a message and its attachments is stored 
in the post office, no matter how many members of the post office receive the message. This makes 
the system more efficient in terms of message processing, speed, and storage space. 


All information in the message store is encrypted to prevent unauthorized access. 
The message store contains the following components: 


+ “User Databases” on page 473 
+ “Message Databases” on page 474 
+ “Attachments Directory” on page 474 


User Databases 


Each member of the post office has a personal database (userxxx.db) which represents the user's 
mailbox. The user database contains the following: 

+ Message header information 

¢ Pointers to messages 

* Folder assignments 

* Personal groups 

+ Personal address books 

+ Rules 

+ Contacts 

+ Checklists 

+ Categories 

+ Junk Mail lists 
When a member of another post office shares a folder with one or more members of the local post 


office, a “prime user” database (puxxxxx . db) is created to store the shared information. The “prime 
user” is the owner of the shared information. 


Local user databases and prime user databases are stored in the ofuser directory in the post office. 
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Message Databases 


Each member of the post office is arbitrarily assigned to a message database (msgnnn.db) where the 
body portions of messages are stored. Many users in a post office share a single message database. 
There can be as many as 255 message databases (numbered 0 through 254) in a post office. Message 
databases are stored in the ofmsg directory in the post office. 


Historical Note: Prior to GroupWise 7, the POA created a maximum of 25 message databases per post 
office. The current maximum of 255 message databases speeds up message delivery and minimizes 
user impact if a database is damaged. 


Outgoing messages from local senders are stored in the message database assigned to each sender. 
Incoming messages from users in other post offices are stored in the message database that 
corresponds to the message database assigned to the sender in his or her own post office. In each 
case, only one copy of the message is stored in the post office, no matter how many members of the 
post office it is addressed to. 


Attachments Directory 


The attachments directory (of files) contains subdirectories that store file attachments, message 
text, and distribution lists that exceed 2 KB. Items of this size are stored more efficiently as files than 
as database records. The message database contains a pointer to where each item is found. 


Guardian Database 


The guardian database (ngwguard. db) serves as the master copy of the data dictionary information 
for the following subordinate databases in the post office: 


+ User databases (userxxx. db) 
+ Message databases (msgnnn. db) 
+ Prime user databases (puxxxxx. db) 


+ Library databases (dmsh.db and dmxxnn01-FF.db) 


The guardian database is vital to GroupWise functioning. Therefore, the POA has an automated fall- 
back and roll-forward process to protect it. The POA keeps a known good copy of the guardian 
database called ngwguard. fbk. Whenever it modifies the ngwguard. db file, the POA also records the 
transaction in the roll-forward transaction log called ngwguard.rf1. If the POA detects damage to 
the ngwguard. db file on startup or during a write transaction, it goes back to the ngwguard. fbk file 
(the “fall back” copy) and applies the transactions recorded in the ngwguard.rf1 file to create a new, 
valid and up-to-date ngwguard. db. 


In addition to the POA fall-back and roll-forward process, you should still back up the ngwguard.äb, 
ngwguard. fbk, and ngwguard. rf1 files regularly to protect against media failure. Without a valid 
ngwguard.db file, you cannot access your email. With current ngwguard. fbk and ngwguard.rf1 
files, a valid ngwguard. db file can be rebuilt should the need arise. 


The ngwguard. dc file is the structural template for building the guardian database and its 
subordinate databases. Also called a dictionary file, the ngwguard.dc file contains schema 
information, such as data types and record indexes. If this dictionary file is missing, no additional 
databases can be created in the post office. 
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Agent Input/Output Queues in the Post Office 


Each post office contains agent input/output queues where messages are deposited and picked up for 
processing by the POA and the MTA. The MTA transfers messages into and out of the post office, 
while the POA handles message delivery. 


For illustrations of the processes presented below, see “Message Delivery to a Different Post Office” 
and “Message Delivery to a Different Domain” in GroupWise 2012 Troubleshooting 3: Message Flow and 
Directory Structure. 


MTA Output Queue in the Post Office 


The MTA output queue in each post office is the post_office\wpcsout directory. 


If the MTA has a mapped or UNC link to the post office, the MTA writes user messages directly into 
its output queue, which requires write access to the post office. If the MTA has a TCP/IP link to the 
post office, the MTA transfers user messages to the POA by way of TCP/IP. The POA then stores the 
messages in the MTA output queue on behalf of the MTA, so the MTA does not need write access to 
the post office. 


The post _office\wpcsout\ofs subdirectory is where the MTA transfers user messages for delivery 
by the POA to users” mailboxes in the local post office. 


The MTA post officeXwpcsout ads subdirectory is where the MTA transfers administrative 
messages instructing the POA admin thread to update the post office database (wphost . db). 


POA Input Oueue in the Post Office 


The POA input queue in each post office is the post officelwpcsout directory, which is the same as 
the MTA output gueue. 


The post officeXwpcsout \ofs subdirectory is where the POA picks up user messages deposited 
there by the MTA and updates the local message store, so users receive their messages. 


The post_office\wpcsout \ads subdirectory is where the POA admin thread picks up 
administrative messages deposited there by the MTA and updates the post office database 
(wphost . db). 


POA Output Queue in the Post Office 


The POA output queue (post_office\ wpcsin) is where the POA deposits user messages for the MTA to 
transfer to other domains and post offices. 


Historical Note: In earlier versions of GroupWise, the GroupWise client wrote user messages to the 
POA output queue when using direct access to the post office. In GroupWise 6.x and later, client/ 
server access to the post office is the preferred method. 


MTA Input Queue in the Post Office 


The MTA input queue in each post office (post_office\wpcsin) is the same as the POA output 
queue. The MTA picks up user messages deposited there by the POA and transfers them to other 
domains and post offices. 


For a mapped or UNC link between the domain and post office, the MTA requires read/write access 
rights to its input/output queues in the post office. For a TCP/IP link, no access rights are required 
because messages are communicated to the MTA by way of TCP/IP. 
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35.4 


Libraries (optional) 


A library is a collection of documents and document properties stored in a database system that can 
be managed and searched. You do not need to set up libraries unless you are using GroupWise 
Document Management Services (DMS). See Part VII, “Libraries and Documents,” on page 313. 


Library Databases 


The databases for managing libraries are stored in the gwdms directory and its subdirectories in the 
post office. 


The dmsh. db file is a database shared by all libraries in the post office. It contains information about 
where each library in the post office is located. 


Each library has its own subdirectory in the gwdms directory. In each library directory, the 
dmxxnn01-FF.db files contain information specific to that library, such as document properties and 
what users have rights to access the library. 


Document Storage Areas 


The actual documents in a library are not kept in the library databases. They are kept in a document 
storage area, which consists of a series of directories for storing document files. Documents are 
encrypted and stored in BLOBs (binary large objects) to make document management easier. A 
document, its versions, and related objects are stored together in the same BLOB. 


A document storage area might be located in the post office directory structure, or in some other 
location where more storage space is available. If it is located in the post office, the document storage 
area can never be moved. Therefore, storing documents in the post office directory structure is not 
usually recommended. If it is stored outside the post office, a document storage area can be moved 
when additional disk space is required. 


Post Office Access Mode 


The GroupWise 6.x and later Windows client uses client/server access mode to the post office. This 
requires a TCP/IP connection between the GroupWise clients and the POA in order for users to access 
their mailboxes. Benefits of client/server access include: 


+ Load Balancing: The workload is split between the client workstation and the POA on another 
server. The POA can perform a processor-intensive request while the client is doing something 
else. 


+ Database Integrity: The GroupWise client does not need write access to databases in the post 
office. Therefore, client failures cannot damage databases. 


+ Reduced Network Traffic: Requests are processed on the POA server and only the results are 
sent back across the network to the client workstation. 


¢ Tighter Security: Client users do not need to log in to the server where the post office is located. 
This eliminates the need for users to have write access to the post office directory. 


¢ Scalability: More concurrent users can be supported in a single post office. 


+ Platform Independence: The GroupWise client on any platform can access the post office by 
way of TCP/IP communication with the POA. 


* Simplified Client Connections: The GroupWise client can communicate with any POA in the 
GroupWise system. Any POA can then redirect the client to connect to the correct POA for the 
users’ post office. 
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35.5 


35.5.1 


Historical Note: In GroupWise 5.x, the GroupWise client allowed the user to enter a path to the post 
office directory to facilitate direct access mode. The GroupWise 6.x and later clients no longer offer 
that option. However, you can force the GroupWise 6.x and later client to use direct access by starting 
it with the --ph switch and providing the path to the post office directory. 


Role of the Post Office Agent 


The GroupWise Post Office Agent (POA) delivers messages to users’ mailboxes, connects users to 
their post offices in client/server access mode, updates post office databases, indexes messages and 
documents, and performs other post office-related tasks. You must run at least one POA for each post 
office. 


The following sections help you understand the various functions of the POA: 


+ Section 35.5.1, “Client/Server Processing,” on page 477 
+ Section 35.5.2, “Message File Processing,” on page 478 
+ Section 35.5.3, “Other POA Functions,” on page 478 


Client/Server Processing 


Using client/server access mode, the GroupWise client maintains one or more TCP/IP connections 
with the POA and does not access the post office directly. Consequently, the performance of the POA 
in responding to requests from the GroupWise client directly affects the GroupWise client’s 
responsiveness to users. To provide the highest responsiveness to client users, you can configure a 
POA just to handle client/server processing. See Section 38.1.3, “Configuring a Dedicated Client/ 
Server POA (Windows Only),” on page 562. 


When using client/server access mode, the GroupWise client can be configured to control how much 
time it spends actually connected to the POA. 


+ In Online mode, the client is continuously connected. 


+ In Caching mode, the client connects at regular intervals to check for incoming messages and 
also whenever the client user sends a message. Address lookup is performed locally. Caching 
mode allows the POA to service a much higher number of users than Online Mode. 


+ In Remote mode, the client connects whenever the client user chooses, such as when using a 
brief modem connection to download and upload messages. 


For more information about the client modes available with client/server access mode, see “Using 
Caching Mode” and “Using Remote Mode” in the GroupWise 2012 Windows Client User Guide 


Client/server access mode also allows users to access their GroupWise mailboxes from POP and 
IMAP clients, in addition to the GroupWise client. See Section 36.2.3, “Supporting IMAP Clients,” on 
page 498. 


In client/server mode, the POA is enabled for secure SSL connections by default. If necessary, you can 
configure the POA to force SSL connections with all clients. See Section 36.3.3, “Securing the Post 
Office with SSL Connections to the POA,” on page 508. 
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Message File Processing 


Messages from users in other post offices arrive in the local post office in the form of message files 
deposited in the POA input queue. See Section 35.3.4, “Agent Input/Output Queues in the Post 
Office,” on page 475. 


The POA picks up the message files and updates all user and message databases to deliver incoming 
messages in the local post office. To provide timely delivery for a large volume of incoming 
messages, you can configure a POA just to handle message file processing. See Section 38.2.2, 
“Configuring a Dedicated Message File Processing POA (Windows Only),” on page 565. 


Other POA Functions 


In addition to client/server processing (interacting with client users) and message file processing 
(delivering messages), the POA: 


+ 


Performs indexing tasks for document management. 


See Section 39.1, “Regulating Indexing,” on page 573. 

Performs scheduled maintenance on databases in the post office. 

See Section 36.4.1, “Scheduling Database Maintenance,” on page 517. 

Monitors and manages disk space usage in the post office. 

See Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 

Restricts the size of messages that users can send outside the post office. 

See Section 36.2.7, “Restricting Message Size between Post Offices,” on page 504. 
Primes users” mailboxes for Caching mode. 

See Section 36.2.6, “Supporting Forced Mailbox Caching,” on page 503. 


Performs nightly user upkeep so users do not need to wait while the Group Wise client performs 
it; also creates a downloadable version of the GroupWise Address Book for Remote and Caching 
USETS. 


See Section 36.4.3, “Performing Nightly User Upkeep,” on page 523. 

Provides LDAP authentication and LDAP server pooling. 

See Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 510. 
Prevents unauthorized access to the post office. 

See Section 36.3.5, “Enabling Intruder Detection,” on page 516. 

Tracks the Group Wise client software in use in the post office. 

See Section 36.2.5, “Checking What GroupWise Clients Are in Use,” on page 502. 


Automatically detects and repairs invalid information in user databases (userxxx.db) and 
message databases (msgnnn. db) for the local post office by using an efficient multi-threaded 
process. 


See Section 38.4.1, “Adjusting the Number of POA Threads for Database Maintenance,” on 
page 567. 


Automatically detects and repairs invalid information in the post office database (wphost . db). 


Automatically detects and repairs damage to the guardian database (ngwguard. db) in the post 
office. 


Updates the post office database whenever GroupWise users, resources, post offices, or other 
GroupWise objects are added, modified, or deleted. 
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+ Replicates shared folders between post offices. 
+ Executes GroupWise client rules. 


+ Processes requests from Group Wise Remote users. 


35.6 Message Flowin the Post Office 


To see how messages are delivered using client/server access mode, see “Message Delivery in the 
Local Post Office” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 
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Configuring the POA 


For POA system reguirements, see “Agent System Reguirements” in the GroupWise 2012 Installation 
Guide. For detailed instructions about installing and starting the POA for the first time, see “Installing 
GroupWise Agents” in the GroupWise 2012 Installation Guide. 


As your GroupWise system grows and evolves, you might need to modify POA configuration to 
meet the changing needs of the post office it services. The following topics help you configure the 


POA: 


+ Section 36.1, “Performing Basic 
POA Configuration,” on page 482 


+ Section 36.2, “Configuring User 
Access to the Post Office,” on 
page 494 


+ Section 36.3, “Configuring Post 
Office Security,” on page 505 


+ Section 36.4, “Configuring Post 
Office Maintenance,” on 
page 517 


Creating a POA Object in eDirectory 
Configuring the POA in ConsoleOne 


Changing the Link Protocol between the Post Office and the Domain 


Binding the POA to a Specific IP Address 

Moving the POA to a Different Server 

Adjusting the POA for a New Post Office Location 

Configuring the POA for Remote Server Login (Windows Only) 
Adjusting the POA Logging Level and Other Log Settings 


Using Client/Server Access to the Post Office 

Simplifying Client/Server Access with a GroupWise Name Server 
Supporting IMAP Clients 

Supporting SOAP Clients 

Checking What GroupWise Clients Are in Use 

Supporting Forced Mailbox Caching 

Restricting Message Size between Post Offices 


Securing Client/Server Access through an External Proxy Server 
Controlling Client Redirection Inside and Outside Your Firewall 
Securing the Post Office with SSL Connections to the POA 
Providing LDAP Authentication for GroupWise Users 

Enabling Intruder Detection 

Configuring Trusted Application Support 


Scheduling Database Maintenance 
Scheduling Disk Space Management 
Performing Nightly User Upkeep 
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36.1 


36.1.1 


Performing Basic POA Configuration 


POA configuration information is stored as properties of its POA object in eDirectory. The following 
topics help you modify the POA object in ConsoleOne and change POA configuration to meet 
changing system configurations: 


+ 


+ 


+ 


Section 36.1.1, “Creating a POA Object in eDirectory,” on page 482 
Section 36.1.2, “Configuring the POA in ConsoleOne,” on page 484 


Section 36.1.3, “Changing the Link Protocol between the Post Office and the Domain,” on 
page 487 


Section 36.1.4, “Binding the POA to a Specific IP Address,” on page 490 

Section 36.1.5, “Moving the POA to a Different Server,” on page 490 

Section 36.1.6, “Adjusting the POA for a New Post Office Location,” on page 491 

Section 36.1.7, “Configuring the POA for Remote Server Login (Windows Only),” on page 492 
Section 36.1.8, “Adjusting the POA Logging Level and Other Log Settings,” on page 493 


Creating a POA Object in eDirectory 


When you create a new post office, one POA object is automatically created for it. You can set up 
additional POAs for an existing post office if message traffic in the post office is heavy. To accomplish 
this, you must also create additional POA objects. 


To create anew POA object in Novell eDirectory: 


1 In ConsoleOne, browse to and right-click the Post Office object for which you want to create a 


new POA object, then click New > Object. 
Double-click GroupWise Agent to display the Create GroupWise Agent dialog box. 


Create GroupWise Agent 


Agent Name: 


Type: Cancel 


Help 
I Define additional properties 


[ Create another agent 


Type a unique name for the new POA. The name can include as many as 8 characters. Do not use 
any of the following invalid characters in the name: 


ASCII characters 0-31 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses ( ) 

Braces { } Period . 

Colon : Slash / 


You use this name with the --name startup switch when you start the new POA. 
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The Type field is automatically set to Post Office. 

4 Select Define Additional Properties. 

5 Click OK. 

The POA object is automatically placed within the Post Office object. 


6 Review the information displayed for the first four fields on the Identification page to ensure 
that you are creating the correct type of Agent object in the correct location. 


N 


Properties of POA 


roupWise + || NDS Rights + | Other | Rights to Files and Folders 
lentification 


Domain PO: Provo1 Development 


Distinguished Name: POA, Development GroupWise 


Name: POA 


Agent Type: Post Office 


Description: = Post Office Agent 


Platform: [Linux 


Page Options... | Cancel | 


In the Description field, type one or more lines of text describing the POA. 


This description displays on the POA server console as the POA runs. When you run multiple 
POAs on the same server, the description should uniquely identify each one. If multiple 
administrators work at the server where the POA runs, the description could include a note 
about who to contact before stopping the POA. 


8 Inthe Platform field, select the platform (Linux or Windows) where the POA will run. 


9 Click OKto save the updated properties. 


10 


(Conditional) If you plan to set up the additional POA on the same server with the original POA: 


10a 


10b 


10c 


Assign it a unique port number on the Network Address properties page of the new POA 
object. 


Create a copy of the POA startup file associated with the original POA for use with the 
additional POA. 


Set up whatever mechanism you use for starting the original POA for use with the 
additional POA. 


For example, if you want to use the rcgrpwise script on Linux to start the additional POA, 
you must add a section in the gwha . conf file for it. For more information, see “Configuring 
the GroupWise High Availability Service in the gwha.conf File” in “Installing GroupWise 
Agents” in the GroupWise 2012 Installation Guide. 


If you plan to install the additional POA on a different server, the installation process takes 
care of these issues for you. 


11 Continue with Section 36.1.2, “Configuring the POA in ConsoleOne,” on page 484. 
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Configuring the POA in ConsoleOne 


The advantage to configuring the POA in ConsoleOne, as opposed to using startup switches ina 
POA startup file, is that the POA configuration settings are stored in eDirectory. 


1 In ConsoleOne, expand the eDirectory container where the Post Office object is located. 
2 Expand the Post Office object. 
3 Right-click the POA object, then click Properties. 


The table below summarizes the POA configuration settings in the POA object properties pages and 
how they correspond to POA startup switches (as described in Chapter 40, “Using POA Startup 
Switches,” on page 581). The table also includes settings on the Post Office object that correspond to 


POA startup switches. 


ConsoleOne Properties Pages 
and Settings 


POA Identification Page 


Domain.PO 
Distinguished Name 
Name 

Agent Type 
Description 

Platform 


POA Agent Settings Page 


Message File Processing 


Message Handler Threads 


Enable Client/Server 


Client/Server Handler Threads 


Max Physical Connections 
Max Application Connections 


Enable Caching 


Max Thread Usage for Priming 
and Moves 


Corresponding Tasks and Startup Switches 


See Section 36.1.1, “Creating a POA Object in eDirectory,” on page 482. 


See Section 38.2.2, “Configuring a Dedicated Message File Processing 
POA (Windows Only),” on page 565. 


See also --nomf, --nomfhigh, and --nomflow. 


See Section 38.2.1, “Adjusting the Number of POA Threads for Message 
File Processing,” on page 564. 


See also --threads. 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 494 and Section 38.1.3, “Configuring a Dedicated Client/Server POA 
(Windows Only),” on page 562. 


See also --notcpip. 


See Section 38.1.2, “Adjusting the Number of Connections for Client/Server 
Processing,” on page 561. 


See also --tcpthreads. 


See Section 38.1.2, “Adjusting the Number of Connections for Client/Server 
Processing,” on page 561. 


See also --maxphysconns and --maxappconns. 
See --nocache. 
See Section 36.2.6, “Supporting Forced Mailbox Caching,” on page 503. 


See also --primingmax. 
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ConsoleOne Properties Pages 
and Settings 


Enable IMAP 
Max IMAP Threads 


Enable SOAP 
Max SOAP Threads 


Enable SNMP 
SNMP Community "Get" String 


Disable Administration Task 
Processing 


HTTP User Name 
HTTP Password 


Network Address Page 
TCP/IP Address 


External IP Address 


Bind Exclusively to TCP/IP 
Address 


Message Transfer 


HTTP 


Internal Client/Server 
External Client/Server 


Corresponding Tasks and Startup Switches 


See Section 36.2.3, “Supporting IMAP Clients,” on page 498. 


See also --imap, --imapmaxthreads, --imapport, --imapreadlimit, 
--imapreadnew, --imapssl, and --imapsslport. 


See Section 36.2.4, “Supporting SOAP Clients,” on page 499. 

See also --soap and --soapmaxthreads. 

See Section 37.6, “Using an SNMP Management Console,” on page 553. 
See also --nosnmp. 


See --noada. 


See Section 37.2.1, “Setting Up the POA Web Console,” on page 540. 


See also --httpuser and --httppassword. 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 494 and “Using TCP/IP Links between the Post Office and the 
Domain” on page 487. 


See also --ip. 


See Section 36.3.1, “Securing Client/Server Access through an External 
Proxy Server,” on page 506. 


See Section 36.1.4, “Binding the POA to a Specific IP Address,” on 
page 490 


See also --ip. 


See “Using TCP/IP Links between the Post Office and the Domain” on 
page 487. 


See also --mtpinipaddr, --mtpinport, --mtpoutipaddr, --mtpoutport, 
--mtpsendmax, and --mtpssl. 


See Section 37.2.1, “Setting Up the POA Web Console,” on page 540. 
See also --httpport and --httpssl. 


See Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 494 and “Using TCP/IP Links between the Post Office and the 
Domain” on page 487. 


See also --port, --internalclientssl, and --externalclientssl. 


IMPORTANT: Until you configure the POA external client/server connections for SSL, you receive the following 
message whenever you modify any POA property settings: 


SSL will not be used for Internet Client/Server connections until a proxy server 


has been specified. Would you like to enter one now? 


To eliminate the message, follow the instructions in: 


+ Section 36.3.1, “Securing Client/Server Access through an External Proxy Server,” on page 506 


+ Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 508 
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ConsoleOne Properties Pages 
and Settings 


IMAP 


SOAP 


OuickFinder Page 


Enable QuickFinder Indexing 

Start QuickFinder Indexing 

QuickFinder Interval 

Quarantine Files That Fail during 
Conversion 

Maintenance Page 

Enable Auto DB Recovery 


Maintenance Handler Threads 


Perform User Upkeep 
Start User Upkeep 


Generate Address Book for 
Remote 


Start Address Book Generation 


Disk Check Interval 
Disk Check Delay 


POA Log Settings Page 


Log File Path 
Logging Level 

Max Log File Age 
Max Log Disk Space 


POA Scheduled Events Page 
Disk Check Event 


Mailbox/Library Maintenance 
Event 


POA SSL Settings Page 


Certificate File 
SSL Key File 
Password 


Post Office Settings Page 


Remote User Name 
Remote Password 


Corresponding Tasks and Startup Switches 


See Section 36.2.3, “Supporting IMAP Clients,” on page 498. 
See also --imapport, --imapssl, and --imapsslport. 
See Section 36.2.4, “Supporting SOAP Clients,” on page 499. 


See also --soapport and --soapssl. 


See Section 39.1, “Regulating Indexing,” on page 573 and Section 39.5, 
“Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


See also --qfbaseoffset, --qfbaseoffsetinminute, --qfinterval, 
--gfintervalinminute, and --nogf. 


See --norecover. 


See Section 38.4.1, “Adjusting the Number of POA Threads for Database 
Maintenance,” on page 567. 


See also --gwchkthreads and --nogwchk. 
See Section 36.4.3, “Performing Nightly User Upkeep,” on page 523. 


See also --nuuoffset, --nonuu, --rdaboffset, and --nordab. 


See Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 


See Section 37.3, “Using POA Log Files,” on page 551. 


See also --log, --logdays, --logdiskoff, --loglevel, and --logmax. 


See Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 


See Section 36.4.1, “Scheduling Database Maintenance,” on page 517. 


See Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 508. 


See also --certfile, --keyfile, --keypassword. 


See --user and --password. 
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ConsoleOne Properties Pages 
and Settings 


Post Office Client Access 
Settings Page 


Lock Out Older GroupWise 
Clients 


Minimum Client Release Version 
Minimum Client Release Date 


Enable Intruder Detection 
Incorrect Logins Allowed 
Incorrect Login Reset Time 
Lockout Reset Time 


Post Office Security Page 


LDAP Authentication 


Corresponding Tasks and Startup Switches 


See Section 36.2.5, “Checking What GroupWise Clients Are in Use,” on 
page 502. 


See also --gwclientreleasedate, --gwclientreleaseversion, and 
--enforceclientversion. 


See Section 36.3.5, “Enabling Intruder Detection,” on page 516. 


See also --intruderlockout, --incorrectloginattempts, --attemptsresetinterval, 
and --lockoutresetinterval. 


See Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” 
on page 510. 


See also --Idapipaddr, --Idapport, --Idapuser, --Idappwd, 
--Ildapuserauthmethod, --Idapdisablepwdchg, --Idapssl, --Idapssikey, and 
--Idaptimeout. See also --Idapippooln, --Idappoolresettime, --Idapportpooln, 
--Idapssipooln, and --Idapssikeypooln. 


After you install the POA software, you can further configure the POA using a startup file. See 
Chapter 40, “Using POA Startup Switches,” on page 581 to survey the many ways the POA can be 


configured. 


Changing the Link Protocol between the Post Office and the Domain 


How messages are transferred between the POA and the MTA is determined by the link protocol in 
use between the post office and the domain. For a review of link protocols, see Section 10.1.3, “Link 
Protocols for Direct Links,” on page 159. 


If you need to change from one link protocol to another, some reconfiguration of the POA and its link 
to the domain is necessary. 


+ “Using TCP/IP Links between the Post Office and the Domain” on page 487 
+ “Using Mapped or UNC Links between the Post Office and the Domain” on page 489 


NOTE: The Linux POA reguires TCP/IP links between the post office and the domain. 


Using TCP/IP Links between the Post Office and the Domain 


To change from a mapped or UNC link to a TCP/IP link between a post office and its domain, you 
must perform the following two tasks: 


+ “Configuring the Agents for TCP/IP” on page 488 
+ “Changing the Link between the Post Office and the Domain to TCP/IP” on page 488 
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Configuring the Agents for TCP/IP 


1 Ifthe MTA in the domain is not yet set up for TCP/IP communication, follow the instructions in 
“Configuring the MTA for TCP/IP” on page 632. 


2 To make sure the POA is properly set up for TCP/IP communication, follow the instructions in 
Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 494. 


Only one POA per post office needs to communicate with the MTA. If the post office has 
multiple POAs, have a POA that performs message file processing communicate with the MTA 
for best performance. For information about message file processing, see Section 35.5, “Role of 
the Post Office Agent,” on page 477. 


3 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
4 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 
GroupWise ~ | NDS Rights + | Other | Rights to Files and Folders 
Network Address | 
TCP/IP Address: [172.16.5.18 
External IP Address: [ 
IPX/SPX Address: 


Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 E Disabled W 


HTTP: fat: 118 [Disabled v 
Internal Client/Server: 1677 E Enabled v 


External Client/Server: og Enabled v 


IMAP: 14318) [Disabled v| [ 9938) 


Internal SOAP: 119119 Disabled W 
External SOAP; 7191 E 


Calendar Publishing: HA i 


JJ JF 


5 Inthe Message Transfer field, specify the TCP port on which the POA will listen for incoming 
messages from the MTA. 


The default message transfer port for the POA to listen on is 7101. 
6 Click OK to save the TCP/IP information and return to the main ConsoleOne window. 


Corresponding Startup Switches: You can also use the --mtpinipaddr and --mtpinport startup 
switches in the POA startup file to set the incoming IP address and port. 


Changing the Link between the Post Office and the Domain to TCP/IP 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 In the drop-down list, select the domain where the post office resides. 


3 Click Post Office Links, then double-click the post office for which you want to change the link 
protocol. 
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4 Inthe Protocol field, select TCP/IP. 


Edit Post Office Link 


Post Office: Development 


Protocol: TCPAP ZI 


Post Office Agent: [pos SI 


IP Address: fiba- oes.provo.novell.com : 7101 


Client/Server Port: [1677 
Maximum send message size: 0 + MBytes: 


5 Make sure the information displayed in the Edit Post Office Link dialog box matches the 
information on the Network Address page for the POA. 


When you use a TCP/IP link, the Maximum Send Message Size field enables you to restrict the size 
of messages that users can send between post offices, as described in Section 36.2.7, “Restricting 
Message Size between Post Offices,” on page 504. 


6 Click OK. 
7 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 
ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 
For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between Post 


Offices Successful” in “Message Delivery to a Different Post Office” in GroupWise 2012 Troubleshooting 
3: Message Flow and Directory Structure. 


Corresponding Startup Switches: You can also use the --mtpoutipaddr and --mtpoutport startup 
switches in the POA startup file to set the outgoing IP address and port. 


Using Mapped or UNC Links between the Post Office and the Domain 


To change from a TCP/IP link to a mapped or UNC link between a post office and its domain: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
In the drop-down list, select the domain where the post office resides. 


3 Click Post Office Links, then double-click the post office for which you want to change the link 
protocol. 


In the Protocol field, select Mapped or UNC. 
Provide the location of the post office in the format appropriate to the selected protocol. 
Click OK. 


To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


N © RA 


ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 
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36.1.4 


36.1.5 


Binding the POA to a Specific IP Address 


You can now cause the POA to bind to a specified IP address when the server where it runs uses 
multiple IP addresses. The specified IP address is associated with all ports used by the agent. 
Without an exclusive bind, the POA binds to all IP addresses available on the server. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 
GroupWise ~ | NDS Rights ~ | Other | Rights to Files and Folders 
Network Address 
TCP/IP Address: {172.16.5.18 
External IP Address: [ 
IPX/SPX Address: 


(Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 E Disabled v 


HTTP: 7181/3} [Disabled ¥ 


Internal Client/Server: 45778 (Enabled |] 

External Client/Server: 0 E Enabled B 

IMAP: 14318) [Disabled v| [29318 
Internal SOAP: 7191 E Disabled W 

External SOAP: 7191 E 


Calendar Publishing: EHI i 


{ OK ] | Cancel ] | Apply Jif Help ] 


3 Select Bind Exclusively to TCP/IP Address, then click OK to save your change. 


Corresponding Startup Switches: You can also use the --ip and --mtpoutport startup switch in the 
POA startup file to establish an exclusive bind to the specified IP address. 


Moving the POA to a Different Server 


As your GroupWise system grows and evolves, you might need to move a POA from one server to 
another. For example, you might decide to run the POA on a different platform, or perhaps you want 


to move it to a server that has more memory or disk space. 


1 Reconfigure the POA object with the new IP address and port number for the POA to use on the 


new server, as described in Section 36.2.1, “Using Client/Server Access to the Post Office,” on 
page 494. 


2 Install the POA on the new server, as described in “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 


3 Start the new POA, as described in the following sections in the GroupWise 2012 Installation 
Guide: 


+ “Starting the Linux Agents with a User Interface” 
+ “Starting the Windows GroupWise Agents” 


4 Observe the new POA to see that it is running smoothly, as described in Chapter 37, 
“Monitoring the POA,” on page 525. 


5 Stop the old POA. 
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6 If you are no longer using the old server for any GroupWise agents, you can remove them to 
reclaim the disk space, as described in the following sections in the GroupWise 2012 Installation 
Guide: 

+ “Uninstalling the Linux GroupWise Agents” 
+ “Uninstalling the Windows GroupWise Agents” 


36.1.6 Adjusting the POA for a New Post Office Location 


If you move a post office from one server to another, you also need to edit the POA startup file to 
provide the new location of the post office directory. 

1 Stop the POA for the old post office location if it is still running. 

2 Use an ASCII text editor to edit the POA startup file. 


The POA startup file is named after the post office name, plus a .poa extension. 


Windows: Only the first 8 characters of the post office name are used in the file name. The startup file 
is typically located in the directory where the POA software is installed. 


Linux: The full post office name is used in the file name. However, all letters are lowercase and any 
spaces in the post office name are removed. The startup file is located in the /opt / 
novell/groupwise/agents/share directory. 


3 Adjust the setting of the --home switch to point to the new location of the post office directory. 
4 Save the POA startup file. 


5 Start the POA for the new post office location, as described in the following sections in the 
GroupWise 2012 Installation Guide: 


¢ “Starting the Linux Agents with a User Interface” 
+ “Starting the Windows GroupWise Agents” 


6 Adjust the link between the post office and the domain. See Section 42.1.7, “Adjusting the MTA 
for a New Location of a Domain or Post Office,” on page 640. 


Configuring the POA 491 


36.1.7 Configuring the POA for Remote Server Login (Windows Only) 


On Windows, you can organize a post office so that some components, such as a library, remote 
document storage area, restore area, or software distribution directory, are located on a remote 
Windows server. In order for the POA access the remote Windows server, you must provide a user 
name and password that provide sufficient access to the remote server for the POA to perform the 
required task on the remote server. 


1 In ConsoleOne, browse to and right-click the Post Office object that includes remote 
components, then click Properties. 
2 Click GroupWise > Agent Settings to display the Post Office Settings page. 
Properties of Management 
: GroupWise 


iPost Office Setti 


Software Distribution Directory: GW Software 


Access Mode: Client/Server Only 


Delivery Mode: Use App Thresholds 


Max Age for Address Book Updates: 15 Ss days 


Disable Live Move 


Restore Area: (Not Set) 


Default Archive Service Trusted Application: (Not Set) 


[C] Override | 


Remote File Server Settings 


Remote User Name: 


Remote Password: Set Password 


3 Inthe Remote File Server Settings box, provide the user name and password that the POA can use 
to log in to the remote server where post office components are located, then click OK. 
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36.1.8 


Adjusting the POA Logging Level and Other Log Settings 


When installing or troubleshooting the POA, a logging level of Verbose can be useful. However, 
when the POA is running smoothly, you can set the logging level down to Normal to conserve disk 
space occupied by log files. 

1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 

2 Click GroupWise > Log Settings to display the Log Settings page. 


S Rights v | Other | Rights to Files and Folders 


Log File Path: [ 


Logging Level: | Normal 


Max Log File Age: | 30 S| days 


Max Log Disk Space: l 1 02400 si KBytes 


3 Setthe desired settings for logging. 


Log File Path: Browse to and select the directory where you want this POA to store its log files. 
The default location varies by platform: 


Linux: /var/log/novell/groupwise/post_office.poa 


Windows: post_office\wpcsout\ofs 


For more information about log settings and log files, see Section 37.3, “Using POA Log Files,” 
on page 551. 


Logging Level: Select the amount of data displayed on the POA agent console and written to the 
POA log file. 


+ Off: Turns off disk logging and sets the logging level for the POA to its default. Logging 
information is still displayed on the POA agent console. 


¢ Normal: Displays only the essential information suitable for a smoothly running POA. 


+ Verbose: Displays the essential information, plus additional information that can be helpful 
for troubleshooting. 


+ Diagnostic: Turns on Extensive Logging Options and SOAP Logging Options on the POA Web 
console Log Settings page. 


Maximum Log File Age: Specifies how many days to keep POA log files on disk. The default is 
30 days. 
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Maximum Log Disk Space: Sets the maximum amount of disk space for all POA log files. When 
the specified disk space is consumed, the POA deletes existing log files, starting with the oldest. 
The default is 102400 KB (100 MB). The maximum allowable setting is 102400000 (1 GB). 


Corresponding Startup Switches: You can also use the --log, --loglevel, --logdays, --logmax, and 
--logdiskoff switches in the POA startup file to configure logging. 


POA Web Console: You can view and search POA log files on the Log Files page. 


Configuring User Access to the Post Office 


As described in Section 35.4, “Post Office Access Mode,” on page 476, the GroupWise client defaults 
to client/server access mode. The following topics help you configure the POA to customize the types 
of client/server access provided to the post office: 


+ 


+ 


+ 


Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 494 

Section 36.2.2, “Simplifying Client/Server Access with a GroupWise Name Server,” on page 496 
Section 36.2.3, “Supporting IMAP Clients,” on page 498 

Section 36.2.4, “Supporting SOAP Clients,” on page 499 

Section 36.2.5, “Checking What Group Wise Clients Are in Use,” on page 502 

Section 36.2.6, “Supporting Forced Mailbox Caching,” on page 503 

Section 36.2.7, “Restricting Message Size between Post Offices,” on page 504 

Section 36.2.8, “Supporting Calendar Publishing,” on page 505 


Using Client/Server Access to the Post Office 


The POA defaults to Client/Server mode, which enables you to: 


+ 


+ 


+ 


Set up TCP/IP for client/server communication between this POA and the GroupWise client 
Set up TCP/IP communication between this POA and the MTA for the domain 


Configure the POA so network management and monitoring programs can use TCP/IP to send 
SNMP reguests to this POA 


Set up an external server with Internet access for the POA 

Configure the POA to provide a Web console for use with GroupWise Monitor 

Configure the POA to communicate with IMAP (Internet Message Application Protocol) clients 
Configure the POA to communicate with SOAP (Simple Object Access Protocol) clients 


Configure the POA for calendar publishing so that users’ calendars can be viewed on the 
Internet 


To make sure the GroupWise client has proper client/server access to the post office: 


1 Make sure TCP/IP is properly set up on the server where the POA is running. 


2 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
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3 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties o 


|| Nos rights + | other | 


Message File Processing: 


Message Handler Threads: 


V) Enable Client/Server 


Client/Server Handler Threads: 
lax Physical Connections: 


lax App Connections: 


[V] Enable Caching 

PU Utilization (NetWare); 

Delay Time (NetWare): 

Max Thread Usage for Priming and Moves: 
[C] Enable IMAP 


Max IMAP Threads: 

[C] Enable SOAP 

x SOAP Threads: 

Enable Calendar Publishing 


Max Calendar Publishing Threads: 


Disable Administration Task Processing 


[C] Enable SNMP 


Page Options... 


Rights to Files and Folders 


percent 
milliseconds 
percent 


Cancel 


4 Make sure that Enable Client/Server is selected. 


The default numbers of physical connections and application connections are appropriate for a 
post office with as many as 500 users. If you are configuring the POA to service more than 500 
users, see Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” 
on page 561 for more detailed recommendations. Configuring the POA with insufficient 


connections can result in error conditions. 


5 Click GroupWise > Network Address. 


Properties of POA 


GroupWise v | NDS Rights + | Other | Rights to Files and Folders 


Network Address 


TCP/IP Address: 
External IP Address: 
IPX/SPX Address: 


(Bind Exclusively to TCP/IP Address 


Message Transfer: 


[172.16.5.18 


l 
| 


SSL SSL Port 


Disabled 


HTTP: Disabled 


Internal Client/Server: 


External Client/Server: 


Internal SOAP: 
External SOAP: 


Calendar Publishing: 7171 E 


Page Options... 


[Enabled 


Enabled 


IMAP: 43 Disabled %| | 


2938) 


Disabled v 


at Cancel Jif 


Apply 
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6 Onthe Network Address page, click the pencil icon for the TCP/IP Address field to display the 
Edit Network Address dialog box. 


Edit Network Address 


TCPAP Address 


C IP Address: 


© DNS Host Name: |ibd-oes.provo novell.com 


Cancel Help 


7 Select IP Address, then specify the IP address, in dotted decimal format, of the server where the 
POA is running. 


Or 


Select DNS Host Name, then provide the DNS hostname of the server where the POA is running. 


IMPORTANT: The POA must run on a server that has a static IP address. DHCP cannot be used 
to dynamically assign an IP address for it. 


Specifying the DNS hostname rather than the IP address makes it easier to move the POA from 
one server to another, if the need arises at a later time. You can assign a new IP address to the 
hostname in DNS, without needing to change the POA configuration information in 
ConsoleOne. 


8 Click OK. 


9 Touse a TCP port number other than the default port of 1677, type the port number in the 
Internal Client/Server Port field. 


If multiple POAs will run on the same server, each POA must have a unigue TCP port number. 


10 For optimum security, select Reguired in the SSL drop-down list for local intranet client/server 
connections, Internet client/server connections, or both. For more information, see Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 508. 


11 Click OK to save the network address and port information and return to the main ConsoleOne 
window. 


ConsoleOne then notifies the POA to restart with client/server processing enabled. 


For a sample message flow for this configuration, see “Message Delivery in the Local Post Office” in 
GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 


Corresponding Startup Switches: You can also use the --port switch in the POA startup file to 
provide the client/server port number. On a server with multiple IP addresses, you can use the --ip 
switch to bind the POA to a specific address. 


POA Web Console: You can view the TCP/IP address and port information for the POA on the 
Configuration page under the Client/Server Settings heading. 


Simplifying Client/Server Access with a GroupWise Name Server 


If GroupWise users are set up correctly in eDirectory, the GroupWise client can determine which post 
office to access for each user based on the information stored in eDirectory. This lets the GroupWise 
client start automatically in client/server mode without users needing to know and provide any IP 
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address information. However, some GroupWise users might be on platforms where eDirectory is 
not in use. To fill the same function for non-eDirectory users, you can set up a Group Wise name 
server. 


A GroupWise name server redirects each GroupWise client user to the IP address and port number of 
the POA that services the user's post office. By setting up a GroupWise name server, non-eDirectory 
GroupWise client users do not need to know and provide any IP address information when they start 
the GroupWise client in client/server mode. The Group Wise name server takes care of this for them. 

+ “Required Hostnames” on page 497 

+ “Required Port Number” on page 497 

+ “How a GroupWise Name Server Helps the GroupWise Client Start” on page 497 

+ “Setting Up a Group Wise Name Server” on page 497 


Reguired Hostnames 


The primary Group Wise name server must be designated using the hostname ngwnameserver. You 
can also designate a backup GroupWise name server using the hostname ngwnameserver2. 


Reguired Port Number 


Each server designated as a GroupWise name server must have a POA running on it that uses the 
default port number of 1677. Other agents can run on the same server, but one POA must use the 
default port number of 1677 in order for the GroupWise name server to function. For setup 
instructions, see Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 494. 


How a GroupWise Name Server Helps the GroupWise Client Start 


After a server has been designated as ngwnameserver, and a POA using the default port number of 
1677 is running on that server, the GroupWise client can connect to the POA of the appropriate post 
office by contacting the POA located on ngwnameserver. If ngwnameserver is not available, the client 
next attempts to contact the backup name server, ngwnameserver2. If no GroupWise name server is 
available, the user must provide the IP address and port number of the appropriate POA in order to 
start the GroupWise client in client/server mode. 


Setting Up a GroupWise Name Server 


Make sure that TCP/IP is set up and functioning on your network. 
Know the IP address of the server you want to set up as a GroupWise name server. 
Make sure the POA on that server uses the default TCP port of 1677. 


If you want a backup GroupWise name server, identify the IP address of a second server where 
the POA uses the default TCP port of 1677. 


5 Use your tool of choice for modifying DNS. 


A © N FP 


Linux: You can use the YaST Control Center. 


Windows: You can use DNS Manager. 
6 Create an entry for the IP address of the first POA and give it the hostname ngwnameserver. 


7 If you want a backup name server, create an entry for the IP address of the second POA and give 
it the hostname ngwnameserver2. 
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You must use the hostnames ngwnameserver and ngwnameserver2. Any other hostnames are 
not recognized as GroupWise name servers. 


8 Save your changes. 


As soon as the hostname information replicates throughout your system, GroupWise client users can 


start the GroupWise client in client/server mode without specifying a TCP/IP address and port 
number. 


Supporting IMAP Clients 


Internet Messaging Application Protocol (IMAP) is used by email clients such as Microsoft Outlook 
and Evolution. You can configure the POA to communicate with IMAP-enabled email clients much 
like the GroupWise client does. 


NOTE: IMAP clients connecting to your GroupWise system from outside your firewall must connect 
through the Internet Agent (GWIA), as described in Section 53.2, “Configuring POP3/IMAP4 
Services,” on page 777, rather than through the POA. Connecting directly through the POA provides 
faster access for internal IMAP clients. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


NDS Rights + | Other | Rights to Files and Folders 


Message File Processing: 


Message Handler Threads: 


vV] Enable Client/Server 


Client/Server Handler Threads: 
Max Physical Connections: 


Max App Connections: 


V] Enable Caching 


PU Utilization (NetWare): | percent 

lay Time (NetWare): | milliseconds 
x Thread Usage for Priming and Moves: | percent 

[C] Enable IMAP 

x IMAP Threads: 


[C Enable Soap 
x SOAP Threads: 


Enable Calendar Publishing 


lax Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Fill in the following fields: 
Enable IMAP: Select Enable IMAP to turn on IMAP processing. 


Max IMAP Threads: Specify the maximum number of IMAP threads you want to the POA to 
start. 


The default maximum number of IMAP threads is 40. This is adequate for most post offices, 
because each IMAP thread can service multiple IMAP clients. By default, the POA creates 2 
IMAP threads and automatically creates additional threads as needed to service clients until the 
maximum number is reached. You cannot set the maximum higher than 40. 


You might want to lower the maximum number of IMAP threads if IMAP processing is 
monopolizing system resources that you prefer to have available for other processes. However, 
insufficient IMAP threads can cause slow response for IMAP client users. 
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4 Click Apply to save the IMAP thread settings. 
5 To secure IMAP connections to the post office or to change the IMAP port: 
5a Click GroupWise > Network Address. 


Properties of POA 


GroupWise vw | NDS Rights + | Other | Rights to Files and Folders 


Network Address 


TCP/IP Address: 
External IP Address: 
IPX/SPX Address: 


[ Bind Exclusively to TCP/IP Address 
Port 

Message Transfer: | 71018 
HTTP: KEL 
Internal Client/Server: 

External Client/Server: | 0 SI 
IMAP: EErEE) 
Internal SOAP: 7191 18 
External SOAP: [7918 


Calendar Publishing: mr 


Page Options... 


[172.16.5.18 


SSL 
Disabled v 


| Disabled % | 


| Enabled M 


| Enabled v 
Disabled v 


Disabled v 


SSL Port 


| 9938 


|í Cancel )( Apply Ji Help ] 


5b Select Required in the IMAP SSL drop-down list. 


For additional instructions about using SSL connections, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


5c Change the IMAP port as needed. 
6 Click OK to save the IMAP settings and return to the main ConsoleOne window. 
ConsoleOne then notifies the POA to restart with IMAP enabled. 


Corresponding Startup Switches: You can also use the --imap, --imapmaxthreads, --imapport, 
--imapssl, and --imapsslport startup switches in the POA startup file to configure the POA to support 


IMAP clients. In addition, you can use the --imapreadlimit and --imapreadnew startup switches to 


configure how the POA downloads messages to IMAP clients. 


POA Web Console: You can see whether IMAP is enabled on the Configuration page under the 


General Settings heading. 


Supporting SOAP Clients 


Simple Object Access Protocol (SOAP) is used by email clients such as Evolution and other clients 


such as the Novell Data Synchronizer Connector for GroupWise to access mailboxes. You can 


configure the POA to communicate with SOAP-enabled email clients much like the GroupWise 


Windows client does. 
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IMPORTANT: Starting in GroupWise 2012, Group Wise WebAccess is also a SOAP client. 


1 In ConsoleOne, browse to and select the POA object to configure, then click Properties. 
2 Click GroupWise > Agent Settings. 


Properties of POA 


NDS Rights v | Other | Rights to Files and Folders 


Message File Processing: 


Message Handler Threads: 


V) Enable Client/Server 


Client/Server Handler Threads: 
Max Physical Connections: 


Max App Connections: 


vV] Enable Caching 


PU Utilization (NetWare); [ percent 
Delay Time (NetWare); | milliseconds 
Max Thread Usage for Priming and Moves: | il percent 

[C] Enable IMAP 

Max IMAP Threads: 

[C] Enable SOAP 

Max SOAP Threads: 


Enable Calendar Publishing 


Max Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Fill in the following fields: 
Enable SOAP: Select Enable SOAP to turn on SOAP processing. 
Max SOAP Threads: Specify the maximum number of SOAP threads you want the POA to start. 


The default maximum number of SOAP threads is 40. This is adequate for most post offices, 
because each SOAP thread can service multiple SOAP clients. By default, the POA creates 4 
SOAP threads and automatically creates additional threads as needed to service clients until the 
maximum number is reached. You cannot set the maximum higher than 40. 


You might want to lower the maximum number of SOAP threads if SOAP processing is 
monopolizing system resources that you prefer to have available for other processes. However, 
insufficient SOAP threads can cause slow response for SOAP client users. 


4 Click Apply to save the SOAP thread settings. 
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5 Tosecure SOAP connections to the post office or to change the SOAP port: 
sa Click GroupWise > Network Address. 


Properties of POA 


GroupWise 
Network Address 


TCP/IP Address: 
External IP Address: 
IPX/SPX Address: 


(Bind Exclusively to TCP/IP Address 


Port 
7101 |S} 
7181 à 


Internal Client/Server: [157718 


Message Transfer: 


HTTP: 


External Client/Server: 0 [E] 
(14318) 
[719118 

7191 à 


7171/8} 


IMAP; 
Internal SOAP: 
External SOAP: 


Calendar Publishing: 


Page Options... 


v | NDS Rights + | Other | Rights to Files and Folders 


172.16.5.18 


SSL SSL Port 
Disabled v 


Disabled ¥ | 


Enabled | 
[Enabled +) 
Disabled | | 


[Disabled W 


OK Ji Cancel j Apply Jf Help ] 


5b Select Required in the Internal SOAP SSL drop-down list. 
The same SSL setting applies to both the internal SOAP port and the external SOAP port. 


For additional instructions about using SSL connections, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


5c Change the SOAP port as needed. 


6 Click OK. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Users of Evolution 2.0 and later can find instructions for connecting to a GroupWise system in the 


Evolution online help. For more information about using Evolution to access a GroupWise mailbox, 


see “Evolution” in “Non-GroupWise Email Clients” in the GroupWise 2012 Interoperability Guide. 


Corresponding Startup Switches: You can also use the --soap, --soapmaxthreads, --soapport, 
--soapssl, and --soapthreads startup switches in the POA startup file to configure the POA to support 
SOAP clients. In addition, you can use the --evocontrol startup switch to configure the POA to allow 
only specified versions of Evolution to connect to the post office. 


POA Web Console: You can see whether SOAP is enabled on the Configuration page under the 


General Settings heading. 
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36.2.5 Checking What GroupWise Clients Are in Use 


You can configure the POA to identify GroupWise client users who are running GroupWise clients 
that do not correspond to a specified release version and/or date. You can also force them to update 
to the specified version. 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 
‘GroupWise ~~ |] NDS Rights v | Other | Rights to Files and Folders 
| Client Access Settings | 
Lock Out Older GroupVVise Clients 
[ Minimum Client Release Version (x.x.x): 


[ Minimum Client Release Date: 


[ Disable Logins 


[V Enable Intruder Detection 


Incorrect Lagins Allowed: 3 + (3-10) 


Incorrect Login Reset Time: 15 E minutes (15-60) 


Lockout Reset Time: 15 E minutes (15+) 


Page Options... | Cancel | 


3 Specify the approved GroupWise release version, if any. 
Only 6.x and later versions of the client are supported for lockout. 
4 Specify the approved GroupWise release date, if any 


You can specify the minimum version, the minimum date, or both. If you specify both 
minimums, any user for which both minimums are not true is identified as running an older 
GroupWise client. 


5 Select Lock Out Older GroupWise Clients for the version and/or date if you want to force users to 
update in order to access their GroupWise mailboxes. 


If you lock out older clients, client users receive an error message and are unable to access their 
mailboxes until they upgrade their GroupWise client software to the minimum reguired version 
and/or date. 


6 Click OK to save the GroupWise version and/or date settings. 
ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
Corresponding Startup Switches: You can also use the --gwclientreleaseversion, 


--gwclientreleasedate, and --enforceclientversion startup switches in the POA startup file to 
configure the POA to check client version and/or date information. 


POA Web Console: On the Status page of the POA Web console, click C/S Users to display the 
Current Users page, which lists all GroupWise users who are currently accessing the post office. 
Users who are running GroupWise clients older than the approved version and/or date are 
highlighted in red in the list. Users who are running newer versions are shown in blue. 


502 GroupWise 2012 Administration Guide 


36.2.6 


If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, you can change the expected release dates for the current POA session. 
Under Client/Server Settings, click Enforce Lockout on Older GroupWise Clients. 


Historical Note: The capability of identifying client version and date information was first introduced 
in GroupWise 5.5 Enhancement Pack Support Pack 1. Any clients with versions and dates earlier than 


GroupWise 5.5 Enhancement Pack Support Pack 1 do not appear at all on the Current Users page of 
the POA Web console. 


Supporting Forced Mailbox Caching 


GroupWise client users have the option to download their GroupWise mailboxes to their 
workstations so they can work without being continuously connected to the network. This is called 
Caching mode. For more information, see Section 75.1.2, “Caching Mode,” on page 1017. 


When client users change to Caching mode, the contents of their mailboxes must be copied to their 
hard drives. This process is called “priming” the mailbox. If users individually decide to use Caching 
mode, the POA easily handles the process. 


If you force all users in the post office to start using Caching mode, as described in “Allowing or 
Forcing Use of Caching Mode” on page 1018, multiple users might attempt to prime their mailboxes 
at the same time. This creates a load on the POA that can cause unacceptable response time for other 
users. 


To configure the POA to handle multiple requests to prime mailboxes: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


NDS Rights + | Other | Rights to Files and Folders 


Message File Processing: | v 


Message Handler Threads: 


vV] Enable Client/Server 


Client/Server Handler Threads: 
Max Physical Connections: 


Max App Connections: 


V] Enable Caching 


CPU Utilization (NetWare): | percent 
Delay Time (NetWare): | 1 milliseconds 
Max Thread Usage for Priming and Moves: | | percent 

[C Enable IMAP 


Max IMAP Threads: 
C Enable soap 


Max SOAP Threads: 


Enable Calendar Publishing 


Max Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Set Max Thread Usage for Priming and Moves as needed. 


By default, the POA allocates 30% of its client/server handler threads for priming mailboxes for 
users who are using Caching mode for the first time. By default, the POA starts 10 client/server 
handler threads, so in a default configuration, three threads are available for priming. You might 
want to specify 60 or 80 so that 60% to 80% of POA threads are used for priming mailboxes. You 
might also want to increase the number of client/server handler threads the POA can start in 
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order to handle the temporarily heavy load while users are priming their mailboxes. See 
Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on 
page 561. 


4 Click OK to save the new setting. 


ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 


Corresponding Startup Switches: You can also use the --primingmax switch in the POA startup file 
to configure the POA to handle multiple reguests to prime mailboxes. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can change the POA’s ability to respond to 
caching reguests for the current POA session on the Configuration page. Under the Client/Server 
Settings heading, click Max Thread Usage for Priming and Live Moves. To increase the number of client/ 
server threads, click Client/Server Processing Threads under the Performance Settings heading. 


36.2.7 Restricting Message Size between Post Offices 
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You can configure the POA to restrict the size of messages that users are permitted to send outside 
the post office. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


EC] GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


ME E RS] HI] oer ome =] SI 


Domain: Provo1 
Outbound Links from Provot 
rDirect Indirect Gateway Undefined 
% Provo2 °$ Provo04 (Provo3) 
% Provo3 


Indirect 
°$ Provo04 (Provo2) 


2 Inthe drop-down list, select the domain where the post office resides, then click Post Office Links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


El Le 3| me S| ne | KS Provo1 (Primary) M © m 


Post Office Links for Provo1 
Post Office Links for Provo1 


Link 


Provoi  jbd.provo.novell.com:1677,7101 


Legal Provo1 172.16.5.18:1677,7101 


GroupWise 2012 Administration Guide 


36.2.8 


36.3 


3 Double-click the post office where you want to restrict message size. 


KS Edit Post Office Link 


Post Office: Development 


Protocol: Frcpar 
Cancel 


Post Office Agent: [Poa 


Help 


IP Address: fiba- oes.provo.novell.com : 7101 


Client/Server Port: [1677 
Maximum send message size: 0 + MBytes 


4 Inthe Maximum Send Message Size field, specify in megabytes the size of the largest message you 
want users to be able to send outside the post office, then click OK. 


A setting of 0 (zero) indicates that no size limitations have been set. 
5 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the POA to restart using the new maximum message size limit. 


If a user's message is not sent out of the post office because of this restriction, the user receives an 
email notification message with a subject line of: 


Delivery disallowed 


The notification message also includes the subject of the original message. This message provides 
information to the user about why and where the message was disallowed. However, the message is 
still delivered to recipients in the sender's own post office. 


There are additional ways to restrict the size of messages that users can send, as described in 
Section 12.3.5, “Restricting the Size of Messages That Users Can Send,” on page 201. 


Corresponding Startup Switches: You can also use the --mtpsendmax startup switch in the POA 
startup file to restrict message size. 


POA Web Console: You can view the maximum message size on the Configuration page. If the POA 
Web console is password protected as described in Section 37.2.1, “Setting Up the POA Web 
Console,” on page 540, you can change the maximum message size for the current POA session using 
the Message Transfer Protocol link on the Configuration page. 


Supporting Calendar Publishing 


See “Configuring a POA for Calendar Publishing” in “Installing the GroupWise Calendar Publishing 
Host” in the GroupWise 2012 Installation Guide. 


Configuring Post Office Security 


You can configure the POA in various ways to meet the security needs of the post office. 


+ Section 36.3.1, “Securing Client/Server Access through an External Proxy Server,” on page 506 
+ Section 36.3.2, “Controlling Client Redirection Inside and Outside Your Firewall,” on page 507 
+ Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 508 

+ Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 510 
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+ Section 36.3.5, “Enabling Intruder Detection,” on page 516 
+ Section 36.3.6, “Configuring Trusted Application Support,” on page 517 


36.3.1 Securing Client/Server Access through an External Proxy Server 


If the server where the POA runs is behind your firewall, you can link it to an external proxy server in 
order to provide client/server access to the post office for GroupWise client users who are outside the 
firewall. You could also use generic proxy, network address translation (NAT), and port address 
translation (PAT) to achieve the same results. 


If the POA is configured with both an internal IP address and an external proxy IP address, the POA 
returns both IP addresses to the GroupWise client when it attempts to log in. The client tries the 
internal address first, and if that does not succeed, it tries the external proxy address, then it records 
which address succeeded. If the user moves from inside the firewall to outside the firewall, the client 
might fail to log in on the first attempt, but succeeds on the second attempt. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the POA Network Address page. 


Properties of POA 
GroupWise ~ | NDS Rights v | Other | Rights to Files and Folders 
Network Address 

TCP/IP Address: [172.16.5.18 
External IP Address: [ 
IPX/SPX Address: [ 


Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 E Disabled v 


HTTP: [7181 Disabled V) 


Internal Client/Server: 4677) E [Enabled a 

External Client/Server: 0 E Enabled v 

IMAP: 1438) [Disabled v| | 9938) 
Internal SOAP: Disabled La] 

External SOAP: E 71918 


Calendar Publishing: 7171 E 
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3 Make sure the POA is already configured for client/server processing as explained in 
Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 494. 


4 Click the pencil icon for the External IP Address field to display the Edit Network Address dialog 
box. 


Edit Network Address 


TCPAP Address 


C IP Address: [ | | 


(* DNS Host Name: |ibd-oes.provo novell.com 
Cancel Help 


5 Select IP Address, then specify the external IP address, in dotted decimal format, of the external 
server that GroupWise client users access from outside your firewall. 
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Typically, this is the public IP address presented by your external proxy server, generic proxy, 
NAT, or PAT. 


Or 
Select DNS Host Name, then provide the DNS hostname of that server. 
6 Click OK. 


If you want to use a different port number for the external proxy server than you are using for 
client/server access to the POA itself, provide the port number in the External Client/Server Port 
field. 


The network router is responsible for enabling the Network Address Translation (NAT) or Port 
Address Translation (PAT) between the external client reguests and the internal network address 
of the POA. The external proxy server address and port should be listed as they are seen from 
the external GroupWise clients. The POA provides this address and port to clients that attempt 
to connect from outside the firewall. 


If you are using NAT, provide an external server IP address for the POA, and in the Port field, 
use port 1677 (the default) for the external client/server port. If you are using PAT, provide an 
external server IP address for the POA, and inthe Port field, use a unigue external client/server 
port. 


8 For optimum security, select Required in the External Client Server SSL drop-down list. For more 
information, see Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on 
page 508. 


9 Click OK to save the external proxy server network address and port and return to the main 
ConsoleOne window. 


ConsoleOne then notifies the POA to restart and begin communicating with the external proxy 
server. 


POA Web Console You can list all POAs in your GroupWise system, along with their external IP 
addresses. On the Configuration page, click IP Addresses Redirection Table under the General Settings 
heading. 


Controlling Client Redirection Inside and Outside Your Firewall 


When a user tries to access his or her mailbox without providing the IP address of the POA for his or 
her post office, any POA or a GroupWise name server POA can redirect the request to the POA for 
the user's post office. 


A POA that is configured with both an internal IP address and a proxy IP address automatically 
redirects internal users to internal IP addresses and external users to proxy IP addresses. However, if 
you want to control which users are redirected to which IP addresses based on criteria other than 
user location, you can configure a post office with one POA to always redirect users to internal IP 
addresses and a second POA to always redirect users to proxy IP addresses. Users are then redirected 
based on which POA IP address they provide in the GroupWise Startup dialog box when they start 
the GroupWise client to access their mailboxes. 


1 Configure the initial POA for the post office with the IP address that you want for internal users. 
For instructions, see Section 36.2.1, “Using Client/Server Access to the Post Office,” on page 494. 
Do not fill in the Proxy External IP Address field on the Network Address page of the POA object. 


2 Create a second POA object in the post office and give it a unique name, such as POA_PRX. For 
instructions, see Section 36.1.1, “Creating a POA Object in eDirectory,” on page 482. 


3 Configure this second POA with an external IP address. For instructions, see Section 36.3.1, 
“Securing Client/Server Access through an External Proxy Server,” on page 506. 


Do not fill in the TCP/IP Address field on the Network Address page of the POA object. 
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4 Create a startup file for the new instance of the POA. 
4a Use the --name switch to specify the name of the POA object that you created in Step 2. 


4b Usethe --ip switch to specify the IP address of the server where this instance of the POA 
runs. 


4c Use the --port switch to specify the client/server port that this instance of the POA listens 
on. 


This information needs to be specified in the POA startup file because this information is 
not specified in ConsoleOne for this instance of the POA. 


5 Start the new instance of the POA. 


6 Give users that you want to be redirected to internal IP addresses the IP address you used in 
Step 1. 


7 Give users that you want to be redirected to proxy IP addresses the IP address you used in 
Step 3. 


36.3.3 Securing the Post Office with SSL Connections to the POA 


Secure Sockets Layer (SSL) ensures secure communication between the POA and other programs by 
encrypting the complete communication flow between the programs. By default, the POA is enabled 
to use SSL connections, but SSL connections are not required. 


For background information about SSL and how to set it up on your system, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


To configure the POA to reguire SSL: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 


GroupWise ~ | NDS Rights + | Other | Rights to Files and Folders | 
Network Address 
TCP/IP Address: [172.16.5.18 
External IP Address: [ = 
IPX/SPX Address: [ 


(Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 i Disabled v 


HTTP: 71818 Disabled v 

Internal Client/Server: ~ 1677 |S} Enabled W 

External Client/Server: jäi og Enabled W 

IMAP: 1438 Disabled v| | 99318 
Internal SOAP: 7918 Disabled v 

External SOAP: 7191 E 


Calendar Publishing: 
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3 To force SSL connections between the POA and its MTA, select Required in the Message Transfer 
SSL drop-down list. 


The POA must use a TCP/IP link with the MTA in order to use SSL for the connection. See 
“Using TCP/IP Links between the Post Office and the Domain” on page 487. 


508 GroupWise 2012 Administration Guide 


10 


The MTA must also use SSL for the connection to be secure. See Section 42.2.2, “Securing the 
Domain with SSL Connections to the MTA,” on page 643. If the MTA does not also use SSL, the 
connection is denied. 


To force SSL connections between the POA and the POA Web console displayed in your Web 
browser, select Reguired in the HTTP SSL drop-down list. 


To set up the POA Web console, see Section 37.2.1, “Setting Up the POA Web Console,” on 
page 540. 


To force SSL connections between the POA and GroupWise internal clients located inside your 
firewall, select Reguired in the Internal Client/Server SSL drop-down list, so that non-SSL 
connections are denied. 


To force SSL connections between the POA and GroupWise external clients located outside your 
firewall (for example, across the Internet), select Reguired in the External Client/Server SSL drop- 
down list, so that non-SSL connections are denied. 


To use SSL connections between the POA and IMAP clients, select Enabled in the IMAP SSL 
drop-down list to let the IMAP client determine whether an SSL connection or non-SSL 
connection is used with an SSL-enabled POA. 


or 


For optimum security, select Required in the IMAP SSL drop-down list if you want the POA to 
force SSL connections, so that non-SSL connections from IMAP clients are denied. 


To use SSL connections between the POA and SOAP clients, select Required in the Internal SOAP 
SSL drop-down list and/or the External SOAP SSL drop-down list so that internal and/or external 
SOAP clients must use SSL connections to the POA. 


Click Apply to save the settings on the Network Address page. 


You are prompted the supply the SSL certificate and key files. The key file must be password 
protected in order for SSL to function correctly. 


Click Yes to display the SSL Settings page. 


Properties of POA 


DS Rights + | Other | Rights to Files and Folders 


Certificate file: 


SSL key file: 


Set Password 


Page Options... | Cancel | 


For background information about certificate files and SSL key files, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


By default, the POA looks for the certificate file and SSL key file in the same directory where the 
POA executable is located, unless you provide a full path name. 
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11 Inthe Certificate File field, browse to and select the public certificate file provided to you by your 
CA. 


12 Inthe SSL Key File field: 
12a Browse to and select your private key file. 
12b Click Set Password. 
12c Provide the password that was used to encrypt the private key file when it was created. 
12d Click Set Password. 
13 Click OK to save the SSL settings. 
ConsoleOne then notifies the POA to restart and access the certificate and key files. 
Corresponding Startup Switches: You can also use the --certfile, --keyfile, --keypassword, --httpssl, 


--mtpssl, --imapssl, and --imapsslport switches in the POA startup file to configure the POA to use 
SSL. 


POA Web Console: You can view SSL information for the POA on the Status and Configuration 
pages. In addition, when you list the client/server users that are accessing the post office, SSL 
information is displayed for each user. 


Providing LDAP Authentication for GroupWise Users 


By default, GroupWise client users’ passwords are stored in GroupWise user databases, and the POA 
authenticates users to their GroupWise mailboxes by using those GroupWise passwords. For 
background information about passwords, see Chapter 82, “GroupWise Passwords,” on page 1099. 


By enabling LDAP authentication for the POA, users’ password information can be retrieved from 
any network directory that supports LDAP, including eDirectory. For background information about 
LDAP, see Section 84.3, “Authenticating to GroupWise with Passwords Stored in an LDAP 
Directory,” on page 1120. 


When you enable LDAP authentication, it is important to provide fast, reliable access to the LDAP 
directory because GroupWise client users cannot access their mailboxes until they have been 
authenticated. The following sections provide instructions for configuring the POA to make the most 
efficient use of the LDAP servers available on your system: 

+ “Providing LDAP Server Configuration Information” on page 511 

+ “Enabling LDAP Authentication for a Post Office” on page 512 

+ “Configuring a Pool of LDAP Servers” on page 514 

¢ “Specifying Failover LDAP Servers (Non-SSL Only)” on page 515 


NOTE: If multiple eDirectory trees are involved, refer to TID 10067272 in the Novell Support 
Knowledgebase (http://www.novell.com/support) for additional instructions. 
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Providing LDAP Server Configuration Information 


Information about your available LDAP servers must be provided in ConsoleOne before you can 
enable LDAP authentication for users. 


1 In ConsoleOne, click Tools > GroupWise System Operations > LDAP Servers to display the 
Configure LDAP Servers dialog box. 


Configure LDAP Servers 


LDAP Servers: 


Add LDAP Server 
Name: 
Description: 


J Use SSL 


LDAP Server Address: 
LDAP Port: 


User Authentication Method: 


389 $| 
Bind z 


Select Post Offices 


Lx | Cancel Help 


3 Inthe Name field, type the name by which you want the LDAP server to be known in your 
GroupWise system. 


4 Inthe Description field, provide additional information about the LDAP server as needed. 


5 Ifthe LDAP server requires an SSL connection, select Use SSL, then browse to and select the 
trusted root certificate of the LDAP server. 


If you do not specify a full path, the POA looks in the following locations for the trusted root 


certificate: 


Linux: /opt/novell/groupwise/agents/bin 


Windows: POA installation directory 


By default, the POA looks for a file named ngwkey.der. 


For more information about the trusted root certificate, see Section 83.3, “Trusted Root 
Certificates and LDAP Authentication,” on page 1115. 
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6 Click the pencil icon for the LDAP Server Address field. 


Edit LDAP Server Address 


TCPAP Address 


@ IP Address: | | M 


C DNS Host Name: | 


7 Select IP Address, then specify the IP address, in dotted decimal format, of the LDAP server. 
or 
Select DNS Host Name, then provide the DNS hostname of the LDAP server. 
The default LDAP port is 389 for non-SSL connections and 636 for SSL connections. 
8 If the default port number is already in use, specify a unique LDAP port number. 
9 Click OK to save the LDAP server address and port information. 
10 Inthe User Authentication Method field, select Bind or Compare. 


For a comparison of these methods, see Section 84.3, “Authenticating to GroupWise with 
Passwords Stored in an LDAP Directory,” on page 1120. 


11 Click OK to save the configuration information for the LDAP server. 


12 Repeat Step 2 through Step 11 for each LDAP server that you want to make available to 
GroupWise for LDAP authentication. 


Providing configuration information for multiple LDAP servers creates a pool of LDAP servers, 
which provides fault tolerance and load balancing to ensure fast, reliable mailbox access for 
GroupWise users. 


13 Continue with “Enabling LDAP Authentication for a Post Office” on page 512. 


Corresponding Startup Switches: You can also use the --ldapipaddr, --ldapport, 
--Idapuserauthmethod, --ldapssl, and --ldapsslkey startup switches in the POA startup file to provide 
the LDAP server information. 


Enabling LDAP Authentication for a Post Office 


To configure the POA to perform LDAP authentication for the users in a post office: 


1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 
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2 Click GroupWise > Security to display the Security page. 


Properties of Legal 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders 


Security 


Security Level: 
C Low 
© High 
High Security Options 


[ eDirectory Authentication 


LDAP Server 
LDAP User Name: 
LDAP Password: 
I” Disable LDAP Password Changing 
Inactive Connection Timeout: 
LDAP Pool Server Reset Timeout: 


LDAP Server Quarantine Threshold: 


Page Options... 


3 For Security Level, select High. 
4 Inthe High Security Options box, select LDAP Authentication. 
5 If you want the POA to access the LDAP server with specific rights to the LDAP directory, 


Set Password 


30 = seconds 
5 + minutes 


22 


Select Servers 


Cancel Apply 


specify a user name that has those rights. 


If you are using a Novell LDAP server, you can browse for an eDirectory User object. The 


information returned from eDirectory uses the following format: 


cn=user name, ou=orgunit,o=organization 


If you are using another LDAP server, you must type the information in the format used by that 
LDAP server. 


If the LDAP user name for the POA requires a password, click Set Password, type the password 
twice for verification, then click Set Password. 


For more information about LDAP user names, see Section 84.3, “Authenticating to GroupWise 


with Passwords Stored in an LDAP Directory,” on page 1120. 
6 If you want to prevent GroupWise users from changing their LDAP passwords by using the 


Password dialog box in the GroupWise client, select Disable LDAP Password Changing. 


This option is deselected by default, so that if users change their passwords in the GroupWise 
client through the Security Options dialog box (GroupWise Windows client > Tools > Options > 


Security) or on the Passwords page (GroupWise WebAccess > Options > Password), their LDAP 


passwords are changed to match the new passwords provided in the GroupWise client. 


7 Ifthe LDAP server is configured for bind connections, as described in “Providing LDAP Server 
Configuration Information” on page 511, specify the number of seconds the POA should 
maintain an inactive connection to the LDAP server. 


The default is 30 seconds. 


8 If you have only one LDAP server, click OK to save the security settings for the post office. You 


have provided all the necessary information to provide LDAP authentication for users in the 


post office. 


or 
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If you have multiple LDAP servers and want to configure them into an LDAP server pool, click 
Apply, then continue with “Configuring a Pool of LDAP Servers” on page 514. 


Or 


If you have multiple LDAP servers and want to configure them for failover, click OK to save the 
security settings for the post office, then continue with “Specifying Failover LDAP Servers (Non- 
SSL Only)” on page 515. 


Corresponding Startup Switches: You can also use the --Idapuser, --ldappwd, --Idapdisablepwdchg, 
and --Idaptimeout startup switches in the POA startup file to configure POA access to the LDAP 
SETVET. 


POA Web Console: You can see if LDAP is enabled on the Configuration page. If the POA Web 
console is password protected as described in Section 37.2.1, “Setting Up the POA Web Console,” on 
page 540, click LDAP Authentication to view LDAP settings and change some of them for the current 
POA session. 


Configuring a Pool of LDAP Servers 


You can configure the POA to contact a different LDAP server each time it needs to access the LDAP 
directory. This provides load balancing and fault tolerance because each LDAP server in the pool is 
contacted egually often by the POA. The LDAP server pool can include as many as five servers. 


1 Make sure you have enabled LDAP Authentication as described in “Enabling LDAP 
Authentication for a Post Office” on page 512. 

2 Inthe LDAP Pool Server Reset Timeout field, specify the number of minutes the POA should wait 
before trying to contact an LDAP server in the pool that failed to respond to the previous 
contact. 

The default is 5 minutes. 


3 Click Select Servers to define the specific pool of LDAP servers that you want to be available to 
users in this post office for LDAP authentication. 


Select LDAP Servers 


Selected Servers Available Servers 
Linux LDAP Server 
Windows LDAP Server 


fad 


Close Help 


4 Select one or more LDAP servers in the Available Servers list, then click the arrow button to move 
them into the Selected Servers list. 


5 Click OK to save the list of LDAP servers. 
6 Click OK to save the security settings for the post office. 
ConsoleOne then notifies the POA to restart so the new LDAP settings can be put into effect. 


Corresponding Startup Switches: You can also use the --ldapippooln and --ldappoolresettime 
startup switches in the POA startup file to configure the LDAP server pool and the timeout interval. 
If you choose to configure the LDAP server pool in the startup file rather than in ConsoleOne, 
additional switches must be provided to complete the configuration (--Idapportpooln, 
--ldapsslpooln, and --ldapsslkeypooln). Configuring the pool in ConsoleOne is the recommended 
approach. 
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If you previously set up LDAP authentication on the post office Security page in ConsoleOne and 
then you add the pooling startup switches to the POA startup file, the pooling switches override any 
LDAP information provided in ConsoleOne. 


Specifying Failover LDAP Servers (Non-SSL Only) 


If the POA does not need to use an SSL connection to your LDAP servers, you can use the 
--Idapipaddr switch to list multiple LDAP servers. Then, if the primary LDAP server fails to respond, 
the POA tries the next LDAP server in the list, and so on until itis able to access the LDAP directory. 
This provides failover LDAP servers for the primary LDAP server but does not provide load 
balancing, because the primary LDAP server is always contacted first. 


1 Make sure you have provided the basic LDAP information on the post office Security page in 
ConsoleOne, as described in “Enabling LDAP Authentication for a Post Office” on page 512. 
2 Editthe POA startup file (post office.poa) with an ASCII text editor. 


For more information about the POA startup file, see Chapter 40, “Using POA Startup 
Switches,” on page 581. 


3 Use the --ldapipaddr startup switch to list addresses for multiple LDAP servers. Use a space 
between addresses. 


For example: 
/ldapipaddr-172.16.5.18 172.16.15.19 172.16.5.20 


IMPORTANT: Do not include any LDAP servers that reguire an SSL connection. There is 
currently no way to specify multiple SSL key files unless you are using pooled LDAP servers, as 
described in “Configuring a Pool of LDAP Servers” on page 514. 


4 Save the POA startup file, then exit the text editor. 
5 Stop the POA, then start the POA so that it reads the updated startup file. 
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You can configure the POA to detect system break-in attempts in the form of repeated unsuccessful 
logins. 

1 In ConsoleOne, browse to and right-click the Post Office object, then click Properties. 

2 Click GroupWise > Client Access Settings to display the Client Access Settings page. 


Properties of Development 


NDS Rights + | Other | Rights to Files and Folders 


Lock Out Older GroupWise Clients 
F Minimum Client Release Version (x.x.x): 


[ Minimum Client Release Date: 


[ Disable Logins 


[V Enable Intruder Detection 
Incorrect Logins Allowed: 3 | (3-10) 


sel 
Incorrect Login Reset Time: 15 E minutes (15-60) 


Lockout Reset Time: 15 4 minutes (15+) 


Page Options... Cancel Apply 


3 Select Enable Intruder Detection. 
4 Specify how many unsuccessful login attempts are allowed before the user is locked out. 
The default is 5; valid values range from 3 to 10. 
5 Specify in minutes how long unsuccessful login attempts are counted. 
The default is 15; valid values range from 15 to 60. 
6 Specify in minutes how long the user login is disabled. 
The default is 30; the minimum setting is 15. 
7 Click OK to save the intruder detection settings. 
ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
If a user is locked out by intruder detection, his or her GroupWise account is disabled. To restore 
access for the user in ConsoleOne, right-click the User object, click GroupWise > Account, then deselect 


Disable Logins. To restore access for the user at the POA Web console, click Configuration > Intruder 
Detection, then clear the lockout. 


Corresponding Startup Switches: You can also use the --intruderlockout, --incorrectloginattempts, 
--attemptsresetinterval, and --lockoutresetinterval startup switches in the POA startup file to 
configure the POA for intruder detection. 


POA Web Console: You can view current intruder detection settings on the Configuration page. If 
the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA Web 
Console,” on page 540, you can change the settings by clicking the Intruder Detection link. You cannot 
disable intruder detection from the POA Web console. 
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36.3.6 Configuring Trusted Application Support 


For background information about setting up trusted applications in ConsoleOne, see Section 4.12, 
“Trusted Applications,” on page 90. 


36.4 Configuring Post Office Maintenance 


You can configure the POA to manage databases and disk space in the post office on a regular basis: 


+ Section 36.4.1, “Scheduling Database Maintenance,” on page 517 
+ Section 36.4.2, “Scheduling Disk Space Management,” on page 520 
+ Section 36.4.3, “Performing Nightly User Upkeep,” on page 523 


36.4.1 Scheduling Database Maintenance 


By default, the POA performs the following database maintenance events: 


+ Default Daily Maintenance Event: The default daily maintenance event occurs at 2:00 a.m. The 
POA performs a Structure check on user, message, and document databases and fixes any 
problems it encounters. 


+ Default Weekly Maintenance Event: The default weekly maintenance event occurs on Saturday 
at 3:00 a.m. The POA runs and Audit Report and a Content check. The Audit report lists the type 
of license (full vs. limited) each mailbox requires and which mailboxes haven't been accessed for 
at least 60 days. The Content check verifies pointers from user databases to messages in message 
databases and pointers from message databases to attachments in the of files directory 
structure, and fixes any problems it encounters. 


You can modify the default database maintenance events, or create additional database maintenance 
events for the POA to perform on a regular basis. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Scheduled Events to display the Scheduled Events page. 


Properties of POA 


NDS Rights v | Other | Rights to Files and Folders 


Scheduled events used by this agent: 
V] Default Daily Maintenance Event 


V] Default Disk Check Event 


V] Default Weekly Maintenance Event 
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The Scheduled Events page lists a pool of POA events available to all POAs in your GroupWise 
system. 


To modify the default daily database maintenance event, which affects all POAs that have this 
database maintenance event enabled, select Default Daily Maintenance Event, then click Edit. 


or 


To modify the default weekly database maintenance event, which affects all POAs that have this 
database maintenance event enabled, select Default Weekly Maintenance Event, then click Edit. 


or 
To create a new database maintenance event, which is added to the pool of POA events that can 


be enabled for any POA in your GroupWise system, click Create, then type a name for the new 
database maintenance event. Select Mailbox/Library Maintenance in the Type field. 


If the Create button is dimmed and you have a View button rather than an Edit button, you are 
connected to a secondary domain in a GroupWise system where Restrict System Operations to 
Primary Domain has been selected under System Preferences. For more information, see 

Section 4.2, “System Preferences,” on page 72. 


Edit Scheduled Event 


Name: {Default Daily Maintenance Event 


Event Type: | Mailbox/Library Maintenance 


Trigger 
O Weekday 
© Daily 


O Interval 


Actions 

C Default Audit Report | 
Default Mailbox/Library Content Check 

V] Default Mailbox/Library Structure Check 


OK ] Cancel Help 


4 Inthe Trigger box, specify when you want the database maintenance event to take place. 


You can have the database maintenance event take place once a week, once a day, or at any other 
regular interval, at whatever time you choose. 


The list below the Trigger box displays the pool of POA database maintenance actions that are 
available for inclusion in all POA database maintenance events in your GroupWise system. 


To modify a default database maintenance action, select one of the existing actions, then click 
Edit. 


or 


To create anew database maintenance action, click Create, then type a name for the new database 
maintenance action. 


The name can include as many as 128 characters. 
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Database maintenance actions and options you can schedule include: 


Actions 


AnalyzelFix Databases 


Structure 

Index check 

Contents 

Collect statistics 

Attachment file check 

Fix problems 

Update user disk space totals 


AnalyzelFix Library 


Verify library 

Fix document/version/element 
Verify document files 

Validate all document security 
Synchronize user name 
Remove deleted storage areas 
Reassign orphaned documents 
Reset word lists 


Options on Actions 
Databases 


User 
Message 
Document 


Logging 


Log file 
Verbose log level 


Results mailed to 


Administrator 
Individual users 


Misc 
Support options 
Exclude 


Selected users 


For more detailed descriptions of the actions, click Help in the Scheduled Event Actions dialog 


box. See also: 


+ Chapter 27, “Maintaining User/Resource and Message Databases,” on page 409 


+ Chapter 28, “Maintaining Library Databases and Documents,” on page 415 


6 Select and configure the database maintenance action to perform for the database maintenance 


event. 


7 Click OKthree times to close the various scheduled event dialog boxes and save the modified 
database maintenance event. 


ConsoleOne then notifies the POA to restart so the new or modified database maintenance event 


can be putinto effect. 


POA Web Console You can see what database maintenance events the POA is scheduled to perform 
at the bottom of the Configuration page. 
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36.4.2 Scheduling Disk Space Management 


By default, the POA performs one recurring disk space management event. Every 5 minutes, the 
POA checks to make sure there is at least 2048 MB of free disk space in the post office directory. If 
there is less than 2048 MB of free disk space, the POA performs a Reduce operation on the user and 
message databases in the post office. If available disk space drops below 200 MB, the POA stops 


processing mail. 


You can modify this default disk space management event, or create additional disk space 
management events for the POA to perform on a regular basis. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Maintenance to display the POA Maintenance page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders 
[V Enable Automatic Database Recovery 


Maintenance Handler Threads: 


[V Perform User Upkeep 
Start User Upkeep: hours after midnight 
IV Generate Address Book for Remote 
Start Address Book Generation: hours after midnight 


Disk Check Interval: minutes 


Disk Check Delay: hours 


Page Options... | Cancel | 


3 To change the interval at which the selected POA checks for free disk space in its post office, 
adjust the number of minutes in the Disk Check Interval field as needed. 
The default is 5 minutes, which could be much too frequent if ample disk space is readily 
available. 


When a disk space problem is encountered, the time interval no longer applies until after the 
situation has been corrected. Instead, the POA continually checks available disk space to 
determine if it can restart message threads that have been suspended because of the low disk 


space condition. 


4 To change the amount of time the POA allows to pass before notifying the administrator again 
about a problem condition that has already been reported, adjust the number of hours in the 
Disk Check Delay field as needed. 


The default is 2 hours. 


5 Client Apply to save the maintenance settings. 
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6 Click GroupWise > Scheduled Events to display the Scheduled Events page. 


Properties of POA 


DS Rights + | Other | Rights to Files and Folders 


Scheduled events used by this agent: 
Default Daily Maintenance Event 
Default Disk Check Event 


Default Weekly Maintenance Event 


| 


The Scheduled Events page lists a pool of POA events available to all POAs in your GroupWise 
system. 


7 To modify the default disk space management event, which affects all POAs that have this disk 
space management event enabled, select Default Disk Check Event, then click Edit. 


or 


To create a new disk space management event, which is added to the pool of POA events that 
can be enabled for any POA in your GroupWise system, click Create, then type a name for the 
new disk space management event. The name can include as many as 128 characters. Select Disk 
Check in the Type field. 


If the Create button is dimmed and you have a View button rather than an Edit button, you are 
connected to a secondary domain in a GroupWise system where Restrict System Operations to 
Primary Domain has been selected under System Preferences. For more information, see 

Section 4.2, “System Preferences,” on page 72. 


Edit Scheduled Event 


Name: Default Disk Check Event 


Event Type: | Disk Check 


Trigger 
© Percent Trigger actions at: 2048 i MB 
© MB Stop mail processing at: __ 200) MB 


Actions 


V] Default Disk Space Management Actions 


C] Low Disk Space Actions 


OK ) Cancel Help 
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In the Trigger box, select Percent or MB to determine whether you want the amount of available 
disk space measured by percentage or by megabytes. 


In the Trigger Actions At field, specify the minimum amount of available disk space you want to 
have in the post office. When the minimum amount is reached, the Disk Check actions are 
triggered 


In the Stop Mail Processing At field, specify the minimum amount of available disk space at which 
you want the POA to stop receiving and processing messages. 


The list below the Trigger box displays the pool of disk space management actions that are 
available for inclusion in all POA disk space management events in your GroupWise system. 


To modify the action that the default disk space management event includes, select Default Disk 
Check Actions, then click Edit. 


Or 


To create a new disk space management action, click Create, then type a name for the new disk 
space management action. 


The name can include as many as 128 characters. 


Disk space management actions and options you can schedule include: 


Actions Options on Actions 
Reduce/Expire Messages Databases 
Reduce only User 
Expire and reduce Message 
- Items older than A 
A Logging 
- Downloaded items older than 
- Items larger than Log file 


- Trash older than 

- Reduce mailbox to 

- Reduce mailbox to limited size 
Include 

- Received items 

- Sent items 

- Calendar items 

- Only backed-up items 

- Only retained items 


Archive/Delete Documents 


Delete Activity Logs 


Verbose log level 
Results mailed to 


Administrator 
Individual users 


Misc 

Support options 
Exclude 
Selected users 


Notification 


Notify administrator when action begins 
Notify administrator if action fails 
Notify administrator when action completes 


For more detailed descriptions of the actions, click Help in the Scheduled Event Actions dialog 
box. See also Chapter 30, “Managing Database Disk Space,” on page 423. 


Select and configure the disk space management action to perform. 
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13 Click OK twice to close the scheduled event dialog boxes and save the modified disk space 
management event. 


ConsoleOne then notifies the POA to restart so the new or modified disk space management 
event can be put into effect. 


You might want to create several disk space management events with different triggers and actions. 
For some specific suggestions on implementing disk space management, see Section 12.3, “Managing 
Disk Space Usage in the Post Office,” on page 196. 


POA Web Console You can view the currently scheduled disk check events on the Scheduled Events 
page. 


Performing Nightly User Upkeep 


To keep GroupWise users’ mailboxes and calendars up-to-date, the following activities must be 
performed each day: 


+ Advance uncompleted tasks to the next day 
+ Delete expired items from users’ mailboxes 
+ Empty expired items from the Trash 


+ Synchronize each user's Frequent Contacts Address Book and personal address books with the 
GroupWise Address Book 


+ Synchronize user addresses in personal groups with the GroupWise Address Book, in case users 
have been moved, renamed, or deleted 


The upkeep performed is determined by the settings located in each user’s Cleanup options (Tools > 
Options > Environment Options > Cleanup). Auto-Delete is run by the POA during user upkeep, but 
Auto-Archive is run by the client as soon as the user accesses his or her mailbox. In Caching mode, 
Auto-Delete is also run by the client. 


Unread items such as messages and upcoming appointments are not deleted. However, unread 
calendar items such as appointments, reminder notes, and tasks that are scheduled in the past are 
deleted. 


Although user upkeep includes deletion activities, it does not necessarily reduce mailbox disk space 
usage. To reduce disk space usage, see Section 12.3, “Managing Disk Space Usage in the Post Office,” 
on page 196. 


Synchronization of personal address books with the GroupWise Address Book enables the latest 
contact information to be synchronized to users’ mobile devices when a synchronization solution 
such as Novell Data Synchronizer (http://www.novell.com/documentation/datasynchronizer1) has 
been implemented. When users copy contacts from the GroupWise Address Book to personal 
address books, changes made in the GroupWise Address Book are mirrored in personal address 
books and, therefore, are available for synchronization to mobile devices. However, changes to 
copied contacts made on mobile devices are not retained in GroupWise because the contact 
information from the GroupWise Address Book always overrides the contact information of the 
copied contacts. 
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You can configure the POA to take care of these user upkeep activities once a day, at a convenient 
time. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Maintenance to display the POA Maintenance page. 


NDS Rights + | Other | Rights to Files and Folders 


Enable Automatic Database Recovery 

Maintenance Handler Threads: 4H 
IV Perform User Upkeep 
Start User Upkeep: hours after midnight 
[V Generate Address Book for Remote 
Start Address Book Generation: hours after midnight 


Disk Check Interval: minutes 


Disk Check Delay: hours 


Page Options... 


3 Select Perform User Upkeep. 


4 Inthe Start User Upkeep field, specify the number of hours after midnight for the POA to start 
performing user upkeep. 


The default is 1 hour. 
5 If you have Remote or Caching users, select Generate Address Book for Remote. 


6 Specify the number of hours after midnight for the POA to generate the daily copy of the 
GroupWise Address Book for Remote and Caching users. 


The default is 0 hours (that is, at midnight). 


If you want to generate the GroupWise Address Book for download more often than once a day, 
you can delete the existing wprof50.db file from the \wpcsout \ofs subdirectory of the post 
office. Anew downloadable GroupWise Address Book is automatically generated for users in 
the post office. 


In addition to this feature, starting in GroupWise 7, the POA automatically tracks changes to the 
GroupWise Address Book and provides automatic synchronization, as described in Section 6.5, 
“Controlling Address Book Synchronization for Caching and Remote Client Users,” on 

page 112. 


7 Click OK to save the new nightly user maintenance settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Corresponding Startup Switches: You can also configure nightly user upkeep using startup switches 
in the POA startup file. By default, nightly user upkeep is enabled. Use the --nuuoffset and 
--rdaboffset switches to specify the start times. 


POA Web Console: You can view the current user upkeep schedule on the Scheduled Events page. 
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Monitoring the POA 


By monitoring the POA, you can determine whether or not its current configuration is meeting the 
needs of the post office it services. You have a variety of tools to help you monitor the operation of the 
POA: 

+ Section 37.1, “Using the POA Server Console,” on page 525 

+ Section 37.2, “Using the POA Web Console,” on page 539 

+ Section 37.3, “Using POA Log Files,” on page 551 

+ Section 37.4, “Using GroupWise Monitor,” on page 553 

+ Section 37.5, “Using Novell Remote Manager,” on page 553 

+ Section 37.6, “Using an SNMP Management Console,” on page 553 

+ Section 37.7, “Notifying the GroupWise Administrator,” on page 557 

+ Section 37.8, “Using the POA Error Message Documentation,” on page 557 

+ Section 37.9, “Employing POA Troubleshooting Techniques,” on page 558 

+ Section 37.10, “Using Platform-Specific POA Monitoring Tools,” on page 558 


37.1 Using the POA Server Console 


The following topics help you monitor and control the POA from the POA server console: 


+ Section 37.1.1, “Monitoring the POA from the POA Server Console,” on page 525 
+ Section 37.1.2, “Controlling the POA from the POA Server Console,” on page 529 


37.11 Monitoring the POA from the POA Server Console 


The POA server console provides information, status, and message statistics about the POA to help 
you assess its current functioning. 


Fe Sales.Provo2 - GroupWise POA ei 1 xÍ 
File Configuration Log Statistics Actions Help 
Sales.Provo2 Up Time: 3 Days 22Hrs 34 Mins 
GroupWise Post Office Agent 
r Status Statistics 
Processing / Busy 0:0 C/S Requests: 22 Message Files: 278 
App. Connections: 0 Requests Pending: 0 Undeliverable: 0 
File Queues: 0 Users Timed Out: 0 Problem Messages: 0 


00:00:01 950 Database Check Action: Reduce 
00:00:01 950 Delete Temporary/Backup Files Older than (days): 1 

00:00:01 950 

00:00:01 950 Database Maintenance E vents: 

00:00:01 950 Event #1 : Default POA Mailbox/Library Maintenance Event 
00:00:01 950 Days to Perform Action(s) Su M T'WThF Sa 

00:00:01 950 Time to Perform Action{s}: Midnight (12am) 

00:00:01 950 Action Set #1 : Default POA Mailbox/Library Maintenance Actions 
00:00:01 950 Type of Database Files to Check: User Msg Doc 

00:00:01 950 Database Check Action: Analyze/Fixup 

00:00:01 950 Level of Database Analysis and Verification: Structural/Contents 

00:00:01 950 Delete Temporary/Backup Files Older than (days): 7 = 
00:00:01 950 = 
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Linux: You must use the --show startup switch in order to display the Linux POA server console. See 
“Starting the Linux Agents with a User Interface” in “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 


Windows: You can suppress the Windows POA server console by running the POA as a service. See 
“Starting the Windows GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 
2012 Installation Guide. 


The POA server console consists of several components: 


+ “POA Information Box” on page 526 

+ “POA Status Box” on page 526 

+ “POA Statistics Box” on page 527 

+ “POA Log Message Box” on page 528 

* “POA Admin Thread Status Box” on page 529 


You can minimize the POA server console, but do not close it unless you want to stop the POA. 


POA Information Box 


The POA Information box identifies the POA whose POA server console you are viewing, which is 
especially helpful when multiple POAs are running on the same server. 


PostOffice.Domain: Displays the name of the post office serviced by this POA, and what domain it is 
linked to. 


Description: Displays the description provided in the Description field in the POA Identification page 
in ConsoleOne. When you run multiple POAs on the same server, the description should uniquely 
identify each one. If multiple administrators work at the server where the POA runs, the description 
could include a note about who to contact before stopping the POA. 


Up Time: Displays the length of time the POA has been running. 
POA Web Console The Status page also displays this information. 


POA Status Box 


The POA Status box displays the current status of the POA and its backlog. The information 
displayed varies depending on whether the POA is processing client/server connections, message 
files, both, or neither. 


Processing: Displays a rotating bar when the POA is running. If the bar is not rotating, the POA has 
stopped. For assistance, see “Post Office Agent Problems” in GroupWise 2012 Troubleshooting 2: 
Solutions to Common Problems. 


Busy: Displays the number of POA threads currently in use (busy) for client/server connections, 
message files, or both, depending on POA configuration. In a typical POA configuration, the number 
to the left of the colon is the number of busy client/server threads and the number to the right of the 
colon is the number of busy message handler threads. You can change the total number of threads 
available. See Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on 
page 561 and Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” 
on page 564. 
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User Connections (for client/server processing): Displays the number of active application 
(“virtual”) TCP/IP connections between the POA and the GroupWise clients run by GroupWise 
users. You can change the maximum number of user connections. See Section 38.1.2, “Adjusting the 
Number of Connections for Client/Server Processing,” on page 561. 


Physical Connections (for client/server processing): Displays the number of active physical TCP/IP 
connections between the post office and the GroupWise clients run by GroupWise users. You can 
change the maximum number of physical connections. See Section 38.1.2, “Adjusting the Number of 
Connections for Client/Server Processing,” on page 561. 


Priority Oueues (for message file processing): Displays the number of messages waiting in the high 
priority message gueues. You can control the number of threads processing message files. See 
Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on page 564. 


Normal Oueues (for message file processing): Displays the number of messages waiting in the 
normal priority message gueues. You can control the number of threads processing message files. See 
Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on page 564. 


File Oueues (for message file processing): Displays the total number of messages waiting in all 
message gueues, when client/server information and message file information are displayed 
together. 


The number of messages displayed as waiting in message gueues is not an exact count. For example, 
if the POA detects numerous messages to process in the priority 4 queue (normal messages), it does 
not scan and count messages in lower priority gueues. Therefore, actual counts of message files 
waiting in gueues could be higher than the counts displayed in the Status box. 


For information about the various message gueues in the post office, see “Post Office Directory” in 
GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 


POA Web Console: The Status page also displays the status information listed above. In addition, 
you can display detailed information about specific gueue contents. 


POA Statistics Box 


The POA Statistics box displays statistics showing the current workload of the POA. The information 
displayed varies depending on whether the POA is processing client/server connections, message 
files, both, or neither. 


C/S Reguests (for client/server processing): Displays the number of active client/server reguests 
between GroupWise clients and the POA. 


Reguests Pending (for client/server processing): Displays the number of client/server reguests 
from GroupWise clients the POA has not yet been able to respond to. If the number is large, see 
“POA Statistics Box Shows Requests Pending” in “Post Office Agent Problems” in Group Wise 2012 
Troubleshooting 2: Solutions to Common Problems. 


Users Timed Out (for client/server processing): Displays the number of GroupWise clients no 
longer communicating with the POA. If the number is large, see “POA Statistics Box Shows Users 
Timed Out” in “Post Office Agent Problems” in GroupWise 2012 Troubleshooting 3: Message Flow and 
Directory Structure. 


Message Files (for message file processing): Displays the total number of messages processed by 
the POA. This includes user messages, status messages, and service requests processed by the POA. 
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Undeliverable (for message file processing): Displays the number of messages that could not be 
delivered because the user was not found in that post office or because of other similar problems. 
Senders of undeliverable messages are notified. For assistance, see “Message Has Undeliverable 
Status” in “Strategies for Message Delivery Problems” in Group Wise 2012 Troubleshooting 2: Solutions 
to Common Problems. 


Problem Messages (for message file processing): Displays the number of invalid message files that 
have problems not related to user error. It also displays reguests the POA cannot process because of 
error conditions. For assistance, see “Message Is Dropped in the problem Directory” in “Strategies for 
Message Delivery Problems” in GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


Users Delivered: Displays the number of user messages delivered to recipients in the post office. A 
message with six recipients in the local post office is counted six times. 


Statuses: Displays the number of status messages delivered to recipients in the post office. 
Rules Executed: Displays the number of users’ rules executed by the POA. 


POA Web Console: The Status page also displays this information. In addition, you can display 
detailed information about client/server connections and message file processing. 


POA Log Message Box 


The POA Log Message box displays the same information that is being written to the POA log file. The 
amount of information displayed in the POA Log Message box depends on the current log settings for 
the POA. See Section 37.3, “Using POA Log Files,” on page 551. The information scrolls up 
automatically. 


Windows Note: To stop the automatic scrolling, click Log, then deselect Auto Scroll. You can then use 
the scroll bar to browse through the contents of the log message box. 


POA Web Console: You can view and search POA log files on the Log Files page. 


Informational Messages 


When you first start the POA, you typically see informational messages that list current agent 
settings, current number of threads, TCP/IP options (client/server), and scheduled events. As the 
POA runs, it continues to provide status and delivery information in the POA Log Message box. 


Error Messages 


If the POA encounters a problem processing a message, it displays an error message in the POA Log 
Message box. See “Post Office Agent Error Messages” in GroupWise 2012 Troubleshooting 1: Error 
Messages. 
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POA Admin Thread Status Box 


The POA admin thread updates the post office database (wphost . db) when users and/or user 
information are added, modified, or removed, and repairs it when damage is detected. 


To display the POA Admin Thread Status box from the POA server console, click Configuration > Admin 
Status. 


Sales.Provo2 Admin Statu x| 


Admin Messages 
Completed: 0 
Errors: 0 
In Queue: 0 
Send Admin Mail Vv 
r Admin Database- 
Status: Normal 
DB Sort Language: US 
Recovery Count: 0 


Automatic Recovery Vv 


Perform DB Recovery | 


-Admin Thread — 
Status: Running 


Suspend | Resume 


Cancel Help 


The following tasks pertain specifically to the POA admin thread: 


+ “Suspending/Resuming the POA Admin Thread” on page 531 
+ “Displaying POA Admin Thread Status” on page 534 
+ “Recovering the Post Office Database Automatically or Immediately” on page 535 


POA Web Console: You can display POA admin thread status on the Configuration page. Under the 
General Settings heading, click Admin Task Processing. If the POA Web console is password protected 
as described in Section 37.2.1, “Setting Up the POA Web Console,” on page 540, you can change the 
admin settings for the current POA session. 


Controlling the POA from the POA Server Console 


You can perform the following tasks to monitor and control the POA from the POA server console at 
the server where the POA is running: 

+ “Stopping the POA” on page 530 

+ “Suspending/Resuming the POA Admin Thread” on page 531 

+ “Displaying the POA Software Date” on page 531 

+ “Displaying Current POA Settings” on page 532 

+ “Displaying Detailed Statistics about POA Functioning” on page 532 

+ “Displaying Client/Server Information” on page 532 

+ “Listing Message Queue Activity” on page 533 

+ “Displaying Message Transfer Status” on page 533 

+ “Restarting the MTP Thread” on page 534 

+ “Displaying POA Admin Thread Status” on page 534 

+ “Recovering the Post Office Database Automatically or Immediately” on page 535 


+ “Recovering User and Message Databases Automatically” on page 536 


Monitoring the POA 529 


+ “Updating QuickFinder Indexes” on page 536 

+ “Compressing QuickFinder Indexes” on page 537 
+ “Regenerating QuickFinder Indexes” on page 537 
+ “Browsing the Current POA Log File” on page 537 
+ “Viewing a Selected POA Log File” on page 537 

+ “Cycling the POA Log File” on page 538 

+ “Adjusting POA Log Settings” on page 538 

+ “Editing the POA Startup File” on page 539 

+ “Accessing Online Help for the POA” on page 539 


Stopping the POA 


You might need to stop and restart the POA for the following reasons: 


+ Updating the agent software 

* Troubleshooting message flow problems 
+ Backing up GroupWise databases 

+ Rebuilding GroupWise databases 


To stop the POA from the POA server console: 


1 Click File > Exit > Yes. 


Linux: If the Linux POA does not respond to Exit, follow the instructions in “Stopping the Linux POA 
When It Is Running As a Daemon” on page 530. 


Windows: _ If the Windows POA does not respond to Exit, you can close the POA server console to stop 
the POA or use the Task Manager to terminate the POA task. 


2 Restart the POA, as described in the following sections in the GroupWise 2012 Installation Guide: 
+ “Starting the Linux Agents as Daemons” 


+ “Starting the Windows GroupWise Agents” 


Stopping the Linux POA When It Is Running As a Daemon 


To stop the Linux POA when it is running in the background as a daemon and you started it using 
the grpwise script: 
1 Make sure you are logged in as root. 
2 Enter the following command: 
rcgrpwise stop 
3 Use the following command to verify that the POA has stopped. 
rcgrpwise status 
To stop the Linux POA when it is running in the background as a daemon and you started it 
manually (not using the grpwise script): 
1 Make sure you are logged in as root. 
2 Determine the process IDs (PIDs) of the POA: 
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ps -eaf | grep gwpoa 
The PIDs for all gwpoa processes are listed. 
You can also obtain this information from the Environment page of the POA Web console. 
3 Kill the first POA process listed: 
Syntax: kill PID 
Example: kill 1483 
It might take a few seconds for all POA processes to terminate. 
4 Use the ps command to verify that the POA has stopped. 
ps -eaf | grep gwpoa 
5 (Conditional) If the initial kill command does not stop the POA, use the following command: 
Syntax: kill -9 PID 
Example: kill -9 1483 


Suspending/Resuming the POA Admin Thread 


You can cause the POA to stop accessing the post office database (wphost . db) without stopping the 
POA completely. For example, you could suspend the POA admin thread while backing up the post 
office database. 


To suspend the POA admin thread: 


1 Atthe POA server console, click Configuration > Admin Status. 
2 Click Suspend. 


The POA admin thread no longer accesses the post office database until you resume processing. 
To resume the POA admin thread: 


1 Atthe POA server console, click Configuration > Admin Status. 
2 Click Resume. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can suspend and resume the POA admin 
thread from the Configuration page. Under the General Settings heading, click Admin Task Processing 
> Suspend or Resume > Submit. 


Displaying the POA Software Date 


It is important to keep the POA software up-to-date. You can display the date of the POA software 
from the POA server console. 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Help > About POA. 


POA Web Console: You can check the POA software date on the Environment page. 
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Displaying Current POA Settings 


You can list the current configuration settings of the POA atthe POA server console. 


1 Atthe server where the POA is running, display the POA server console. 

2 Click Configuration > Agent Settings. 
The configuration information displays in the log message box and is written to the log file. 
If information you need scrolls out of the log message box, you can scroll back to it. See 


“Browsing the Current POA Log File” on page 537. 


For information about POA configuration settings, see Chapter 36, “Configuring the POA,” on 
page 481 and Chapter 40, “Using POA Startup Switches,” on page 581. 


POA Web Console: You can check the current POA settings on the Configuration page. 


Displaying Detailed Statistics about POA Functioning 


The POA server console displays essential information about the functioning of the POA. More 
detailed information is also available. 

1 Atthe server where the POA is running, display the POA server console. 

2 Click Statistics > Misc. Statistics. 


3 Review the Detailed Statistics dialog box. The following statistics are displayed and written to 
the log file for the current POA up time: 


+ Databases rebuilt 

+ Users deleted 

+ Users moved 

+ Moved messages processed 


+ Statuses processed 


POA Web Console: You can display statistics on the Status page. 


Displaying Client/Server Information 


When the POA and the GroupWise clients communicate in client/server mode, you can display 
statistics to indicate the performance level of the TCP/IP communication. 

1 At the server where the POA is running, display the POA server console. 

2 Click Statistics > Client/Server. 

3 Inthe menu, click the type of statistics to display. 


The selected type of statistics for the current POA up time are listed in the message log box and 
are written to the POA log file. 


If information you need scrolls out of the log message box, you can scroll back to it. See 
“Browsing the Current POA Log File” on page 537. 


All Statistics: Lists the information for General Statistics, Throughput, Physical Connections, and 
Application Connections, as described below. 


General Statistics: Lists the DNS address and IP address of the server, along with the TCP port 
for the POA, the number of messages received, sent, and aborted, and the number of physical 
and application connections active and allowed. 
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Show Throughput: Lists the total number of messages processed by the POA for all users. 
Statistics are provided for the current elapsed time and as a per second average. 


Clear Throughput: Resets the current elapsed time to zero. 

Physical Connections: Lists the currently active physical connections. Physical connections are 
active TCP connections created whenever GroupWise users do something that reguires 
communication and closed when the specific activities have been completed. By listing the 


physical connections, you can see what users are actively using GroupWise and how much 
throughput each user is generating. Users’ IP addresses are also listed. 


Application Connections: Lists the currently active application connections. Every user that 
starts Group Wise has an application connection for as long as GroupWise is running, even if 
GroupWise is not actively in use at the moment. By listing the application connections, you can 
see what users have started GroupWise and how much throughput each user is generating. 
Users’ IP addresses are also listed. 


Show Redirection List: Lists all POAs in your GroupWise system and indicates whether each is 
configured for TCP/IP. The list includes the IP address of each POA and the IP address of its 
proxy server outside the firewall, if applicable. This redirection information is obtained from the 
post office database (wphost . db). 


Check Redirection List: Attempts to contact each POA in your GroupWise system and reports 
the results. If a POA is listed as “Connection Failed,” see “Post Office Agent Problems” in 
GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


POA Web Console: You can display client/server information on the Configuration page. You can list 
client/server users from the Status page using the C/S Users and Remote/Caching Users links. 


Listing Message Queue Activity 


The POA uses eight queues to process message files. You can view the activity in each of these 
queues. For more information about message queues, see “Post Office Directory” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. 

1 Atthe server where the POA is running, display the POA server console. 

2 Click Actions > View MF Queues. 


3 View the queue activity in the message log box. Use the scroll bar if necessary to scroll through 
the information. 


If information you need scrolls out of the log message box, you can scroll back to it. See 
“Browsing the Current POA Log File” on page 537. 


The information is also written to the POA log file. 


You can check queue activity on the Status page. Under the Thread Status heading, click the type of 
thread to view queue activity for. 


Displaying Message Transfer Status 


When the POA links to the MTA by way of TCP/IP, you can view the status of the TCP/IP link from 
the POA server console. 

1 Atthe server where the POA is running, display the POA server console. 

2 Click Configuration > Message Transfer Status. 

3 View the following information about the TCP/IP link: 


Outbound TCP/IP Address: Displays the TCP/IP address and port where the MTA listens for 
messages from the POA. 
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Inbound TCP/IP Address: Displays the TCP/IP address and port where the POA listens for 
messages from the MTA. 


Hold Directory: Displays the path to the directory where the POA stores messages if the TCP/IP 
link to the MTA is closed. 


Current Status: Lists the current status of the TCP/IP link. 
+ Open: The POA and the MTA are successfully communicating by way of TCP/IP. 
+ Closed: The POA is unable to contact the MTA by way of TCP/IP 
+ Unavailable: The POA is not yet configured for TCP/IP communication with the MTA. 
¢ Unknown: The POA is unable to contact the MTA in any way. 
Messages Written: Displays the number of messages the POA has sent. 
Message Read: Displays the number of messages the POA has received. 


Last Closure Reason: Provides an explanation for why the post office was last closed. For 
assistance resolving closure problems, see “Post Office Agent Error Messages” in GroupWise 
2012 Troubleshooting 1: Error Messages. 


POA Web Console: You can display message transfer status on the MTP Status page. 


Restarting the MTP Thread 


When the POA links to the MTA by way of TCP/IP, you can restart the Message Transfer Protocol 
(MTP) thread that provides the link between the POA and the MTA. 

1 At the server where the POA is running, display the POA server console. 

2 Click Actions > Restart MTP. 
POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can restart the MTA thread from the 
Configuration page. Click Message Transfer Protocol > Restart MTP > Submit. In addition, you can 


control the send and receive threads separately on the MTP Status page. In the Send or Receive 
column, click the current status, then click Stop/Start MTP Send/Receive > Submit. 


Displaying POA Admin Thread Status 


Status information for the POA admin thread is displayed in a separate dialog box, rather than on the 
main POA server console. 
1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Admin Status. 
The following admin status information is displayed: 
Admin Message Box 


The Admin Message box provides the following information about the workload of the POA 
admin thread: 


Completed: Number of administrative messages successfully processed. 
Errors: Number of administrative messages not processed because of errors. 
In Queue: Number of administrative messages waiting in the queue to be processed. 


Send Admin Mail: Select this option to send a message to the administrator whenever a critical 
error occurs. See Section 37.7, “Notifying the GroupWise Administrator,” on page 557. 


Admin Database Box 
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The Admin Database box provides the following information about the post office database 
(wphost . db): 


Status: Displays one of the following statuses: 
+ Normal: The POA admin thread is able to access the post office database normally. 
+ Recovering: The POA admin thread is recovering the post office database. 


+ DB Error: The POA admin thread has detected a critical database error. The post office 
database cannot be recovered. Rebuild the post office database in ConsoleOne. See 
Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405. 


The POA admin thread does not process any more administrative messages until the 
database status has returned to Normal. 


¢ Unknown: The POA admin thread cannot determine the status of the post office database. 
Exit the POA, then restart it, checking for errors on startup. 


DB Sort Language: Displays the language code for the language that determines the sort order 
of lists displayed in ConsoleOne and the GroupWise Address Book. 


Recovery Count: Displays the number of recoveries performed on the post office database by 
this POA for the current POA session. 


Admin Thread Box 

The Admin Thread box displays the following information: 

Status: Displays one of the following statuses: 
+ Running: The POA admin thread is active. 
+ Suspended: The POA admin thread is not processing administrative messages. 
¢ Starting: The POA admin thread is initializing. 


+ Terminated: The POA admin thread is not running. 


POA Web Console: You can display POA admin thread status from the Configuration page. Under 
the General Settings heading, click Admin Task Processing. 


Recovering the Post Office Database Automatically or Immediately 


The POA admin thread can recover the post office database (wphost . db) when it detects a problem. 
To enable or disable automatic post office database recovery: 


1 At the server where the POA is running, display the POA server console. 


2 Click Configuration > Admin Status > Automatic Recovery to toggle this feature on or off for the 
current POA session. 


To change the setting permanently, see Section 36.1.2, “Configuring the POA in ConsoleOne,” on 
page 484. 


To recover the post office database immediately: 


1 At the server where the POA is running, display the POA server console. 
2 Click Configuration > Admin Status > Perform DB Recovery. 


For additional database repair procedures, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 401. 
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POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can recover the post office database from the 
Configuration page. Under the General Settings heading, click Admin Task Processing. Select Automatic 
Recovery or Perform DB Recovery as needed. 


Recovering User and Message Databases Automatically 


The POA can automatically recover user databases (userxxx.db) and message databases 
(msgnnn.db) when it detects a problem because databases can be open during the recover process. 
This procedure is a “recover” rather than a “rebuild,” because a “rebuild” reguires that all users and 
agents are out of the database being rebuilt. See Chapter 27, “Maintaining User/Resource and 
Message Databases,” on page 409. 


To enable/disable automatic message and user database recovery: 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Actions > Auto Rebuild to toggle this feature on or off for the current POA session. 


To change the setting permanently, see Section 36.1.2, “Configuring the POA in ConsoleOne,” on 
page 484. 


POA Web Console: You can see whether automatic message and user database recovery is enabled 
on the Configuration page under the Performance Settings heading. 


Updating OuickFinder Indexes 


GroupWise uses OuickFinder technology to index messages and documents stored in post offices. 
You can start indexing from the POA server console. For example, if you just imported a large 
number of documents, you could start indexing immediately, rather than waiting for the next 
scheduled indexing cycle. 


To update OuickFinder indexes for the post office: 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Actions > OuickFinder > Update Indexes. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are indexed per 
database. If a very large number of messages are received regularly, or if a user with a very large 
mailbox is moved to a different post office (reguiring the user's messages to be added into the new 
post office indexes), you might need to repeat this action multiple times in order to get all messages 
indexed. If too many repetitions are reguired to complete the indexing task, see Section 39.6, 
“Customizing Indexing,” on page 579 for assistance. 


You can set up indexing to occur at regular intervals. See Section 39.1, “Regulating Indexing,” on 
page 573. 


If the indexing load on the POA is heavy, you can set up a separate POA just for indexing. See 
Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can update OuickFinder indexes from the 
Configuration page. Under the General Settings heading, click QuickFinder Indexing. 
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Compressing OuickFinder Indexes 


OuickFinder indexes are automatically compressed at midnight each night to conserve disk space. 

You can start compression at any other time from the POA server console. For example, if you just 

imported and indexed a large number of documents and are running low on disk space, you could 
compress the indexes immediately, rather than waiting for it to happen at midnight. 


To compress OuickFinder indexes for the post office: 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Actions > OuickFinder > Compress Indexes. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can compress OuickFinder indexes from the 
Configuration page. Under the General Settings heading, click QuickFinder Indexing. 


Regenerating QuickFinder Indexes 


If OuickFinder indexes become damaged, you can easily delete and re-create them. 
To re-create OuickFinder indexes for the post office: 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Actions > QuickFinder > Delete and Regenerate Indexes. 


You can also press Ctrl+Q. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can re-create OuickFinder indexes from the 
Configuration page. Under the General Settings heading, click OuickFinder Indexing. 


Browsing the Current POA Log File 


In the log message box, the POA displays the same information being written to the POA log file. The 
amount of information depends on the current log settings for the POA. 


The information automatically scrolls up the screen as additional information is written. You can stop 
the automatic scrolling so you can manually scroll back through earlier information. 


To browse the current POA log file and control scrolling: 


1 Atthe server where the POA is running, display the POA server console. 


2 Click Log > Auto Scroll to toggle automatic scrolling on or off. 


For explanations of messages in the POA log file, see “Post Office Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


See also Section 37.3, “Using POA Log Files,” on page 551. 
POA Web Console: You can browse and search POA log files on the Log Files page. 


Viewing a Selected POA Log File 


Reviewing log files is an important way to monitor the functioning of the POA. 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Log > View Log. 
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The following information is provided: 


Log Files: Lists the current POA log files, ordered from the oldest log file at the top to the 
newest log file at the bottom. The current log file is marked with an asterisk (*). 


Date/Time: Displays the date and time of each POA log file. 


Space Used: Displays the amount of disk space currently occupied by that POA's log files. You 
can control the amount of space consumed by POA log files during the current POA session. 
You can also control the default amount of disk space for POA log files in the POA Log Settings 
page in ConsoleOne or in the POA startup file. See Section 37.3.2, “Configuring POA Log 
Settings and Switches,” on page 552. 


Log File Directory: Displays the full path of the directory where the POA writes its log files. See 
Section 37.3.2, “Configuring POA Log Settings and Switches,” on page 552. 


3 Inthe log file list, select the POA log file you want to view. 


Windows Note: For the Windows POA, you can select the viewer to use by providing the full 
path to the viewer program. The default viewer is Notepad. 


4 Click View. 


For explanations of messages in the POA log file, see “Post Office Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


See also Section 37.3, “Using POA Log Files,” on page 551. 
POA Web Console: You can view and search POA log files on the Log Files page. 


Cycling the POA Log File 


You can have the POA start a new log file as needed. 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Log > Cycle Log. 


Adjusting POA Log Settings 


Default log settings are established when you start the POA. However, you can adjust the POA log 
settings for the current session from the POA server console. This overrides any settings provided in 
ConsoleOne or in the POA startup file. The modified settings remain in effect until you restart the 
POA, at which time the log settings specified in ConsoleOne or the startup file take effect again. 


1 Atthe server where the POA is running, display the POA server console. 
2 Click Log > Log Settings. 
3 Adjustthe values as needed for the current POA session. 
See Section 37.3, “Using POA Log Files,” on page 551. 
POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 


“Setting Up the POA Web Console,” on page 540, you can adjust POA log settings from the 
Configuration page. Click the Log Settings heading. 
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Editing the POA Startup File 


You can change the configuration of the POA by editing the POA startup file from the POA server 
console. 

1 Atthe server where the POA is running, display the POA server console. 

2 Click Configuration > Edit Startup File. 

3 Makethe necessary changes, then save and exit the startup file. 

4 Stop and restart the POA. 


Accessing Online Help for the POA 


Click Help on the menu bar for information about the POA server console. Click the Help button in 
any dialog box for additional information. 


37.2 Using the POA Web Console 


The POA Web console enables you to monitor and control the POA from any location where you 
have access to a Web browser and the Internet. This provides substantially more flexible access than 
the POA server console, which can only be accessed from the server where the POA is running. 

+ Section 37.2.1, “Setting Up the POA Web Console,” on page 540 

+ Section 37.2.2, “Accessing the POA Web Console,” on page 541 

+ Section 37.2.3, “Monitoring the POA from the POA Web Console,” on page 542 

+ Section 37.24, “Controlling the POA from the POA Web Console,” on page 549 
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37.2.1 Setting Up the POA Web Console 


The default HTTP port for the POA Web console is established during POA installation. You can 
change the port number and increase security after installation in ConsoleOne. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 
GroupWise + | NDS Rights v | Other | Rights to Files and Folders | 
Network Address 
TCP/IP Address: [172.16.5.18 
External IP Address: [ 
IPX/SPX Address: 


Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 E Disabled Ww 


HTTP: 7181 |S} [Disabled v 


Internal Client/Server: [ 16778 Enabled x] 

External Client/Server: 0 E Enabled v 

IMAP: 1438 [Disabled v| | 99318) 
Internal SOAP: 19118 Disabled x 

External SOAP: 7191 E 


Calendar Publishing: 7171 S 


E OI 


If you configured the POA for TCP/IP links during installation, the TCP/IP Address field should 
display the POA server’s network address. If it does not, follow the instructions in “Using TCP/ 
IP Links between the Post Office and the Domain” on page 487. The POA must be configured for 
TCP/IP in order to provide the POA Web console. 


3 Make a note of the IP address or DNS hostname in the TCP/IP Address field. You need this 
information to access the POA Web console. 


The HTTP Port field displays the default port number of 7181. 


4 Ifthe default HTTP port number is already in use on the POA server, specify a unique port 
number. 


5 Make a note of the HTTP port number. You need this information to access the POA Web 
console. 


6 If you want to use an SSL connection for the POA Web console, which provides optimum 
security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Section 83.2, “Server Certificates 
and SSL Encryption,” on page 1107. 


7 Click Apply to save your changes on the Network Address page. 


If you want to limit access to the POA Web console, or if you want to be able to change 
configuration settings at the POA Web console, you must provide a user name and password. 


IMPORTANT: Some fields in the POA Web console are displayed only when the Web console is 
password protected. 
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8 Click GroupWise > Agent Settings, then scroll down to HTTP Settings. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders 


CPU Utilization (NetWare): | 85| St percent 
Delay Time (NetWare): 100 {3} miliseconds 
Max Thread Usage for Priming and Moves: | 30 Se percent 
Enable IMAP 

Max IMAP Threads: o 40 B 

Enable SOAP 

Max SOAP Threads: 0 40 

Enable Calendar Publishing 

Max Calendar Publishing Threads: L 4 E 


[C] Disable Administration Task Processing 


Enable SNMP 


SNMP Community "Get" String: 


V] Enable HTTP 


HTTP Monitor Settings 


HTTP User Name: | 


HTTP Password: Set Password 


9 Inthe HTTP Settings box: 
9a Inthe HTTP User Name field, specify a unique user name. 
9b Click Set Password. 
9c Type the password twice for verification. 
9d Click Set Password. 


Unless you are using an SSL connection, do not use a Novell eDirectory user name and 
password because the information passes over the non-secure connection between your 
Web browser and the POA. 


For convenience, use the same user name and password for all agents that you plan to 
monitor from GroupWise Monitor. This saves you from having to provide the user name 
and password information as Monitor accesses each agent. 


IMPORTANT: A user name and password are required in order for you to change POA 
configuration settings in the POA Web console. 


10 Click OK to save the POA Web console settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 
Corresponding Startup Switches: You can also use the --httpport, --httpuser, --httppassword, and 
--httpssl startup switches in the POA startup file to enable and secure the POA Web console. In 


addition, you can use the --httprefresh switch to control how often the POA refreshes the information 
provided to your Web browser. 


Accessing the POA Web Console 


To monitor the POA from your Web browser, view the URL where the POA is located by supplying 
the network address and port number as displayed on the Network Address page in ConsoleOne. 
For example: 
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http://172.16.5.18:1677 
http://172.16.5.18:7181 
http://server1:7181 
https://server2:1677 


When viewing the POA Web console, you can specify either the client/server port or the HTTP port. 


GroupWise 2012 POA - Development.Provo1 
Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


GroupWise Post Office Agent 


Up Time: 2 Days 22 Hours 16 Minutes 


Total 
CIS Users 1 
Application Connections 2 
Physical Connections 0 
SOAP Sessions 0 
Priority Queues 0 
Normal Queues 0 
GWCheck Auto Queues 0 
GWCheck Scheduled Queues 0 
hread Status 
Total Busy 
C/S Handler Threads 10 0 
Message Worker Threads 6 0 
GWCheck Worker Threads 4 0 
SOAP Threads 3 0 
Calendar Publishing Threads 3 0 
Message Transfer Status Open 
Total 
C/S Requests 3682 
C/S Requests Pending 0 
Users Timed Out 4 
SOAP Requests 21 
SOAP Pending Requests 0 
GWEvents 0 
Calendar Publishing Requests 8 
Rules Executed 0 
Users Delivered 0 
Message Files Processed 20 
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The POA Web console provides several pages of information to help you monitor the performance of 
the POA. The title bar at the top of the POA Web console displays the name of the POA and its post 
office. Below the title bar appears the POA Web console menu that lists the pages of information 
available in the POA Web console. Online help throughout the POA Web console helps you interpret 
the information being displayed and use the links provided. 

+ “Monitoring POA Status” on page 543 

+ “Monitoring and Tracking POA Threads” on page 543 

+ “Checking the POA Operating System Environment” on page 544 

+ “Viewing and Searching POA Log Files” on page 544 

¢ “Listing POA Scheduled Events” on page 545 

+ “Checking Link Status to the MTA” on page 545 

+ “Taking Performance Snapshots” on page 546 

+ “Monitoring SOAP Events” on page 547 
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Monitoring POA Status 


When you first access the POA Web console, the Status page is displayed. Online help on the Status 


page helps you interpret the status information being displayed. 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


GroupWise Post Office Agent 


Up Time: 2 Days 22 Hours 16 Minutes 


Total 
CIS Users 1 
Application Connections 2 
Physical Connections 0 
SOAP Sessions 0 
Priority Queues 0 
Normal Queues 0 
GWCheck Auto Queues 0 
GWCheck Scheduled Queues 0 


hread Status 


Total Busy 
C/S Handler Threads 10 0 
Message Worker Threads 6 0 
GWCheck Worker Threads 4 0 
SOAP Threads 3 0 
Calendar Publishing Threads 3 0 
Message Transfer Status Open 

Total 
C/S Requests 3682 
C/S Reguests Pending 0 
Users Timed Out 4 
SOAP Requests 21 
SOAP Pending Requests 0 
GWEvents 0 
Calendar Publishing Requests 8 
Rules Executed 0 
Users Delivered 0 
Message Files Processed 20 


Click any hyperlinked status items for additional details. The status information is much the same as 
that provided at the POA server console, as described in Section 37.1.1, “Monitoring the POA from 


the POA Server Console,” on page 525. 


Monitoring and Tracking POA Threads 


The POA Status page provides links to detailed POA thread status for the following types of threads: 


+ 


C/S handler threads 

+ Message worker threads 
GWCheck worker threads 

+ SOAP threads 

¢ Calendar Publishing threads 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


C/S Handler Threads 


+ 


Threads Thread ID Request count State Time Elapsed (Secs) 
GWTCP-Deve-Handler 10 F06B 1437 Idle 
GWTCP-Deve-Handler 9 F073 2245 Idle 
GWTCP-Deve-Handler 8 FO7B 0 Idle 
GWTCP-Deve-Handler 7 F084 0 Idle 
GWTCP-Deve-Handler 6 F08C 0 Idle 
GWTCP-Deve-Handler 5 F094 0 Idle 
GWTCP-Deve-Handler_4 F472 0 Idle 
GWTCP-Deve-Handler 3 F09C 0 Idle 
GWTCP-Deve-Handler 2 FOA4 0 Idle 
GWTCP-Deve-Handler 1 FOAC 0 Idle 
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The Thread ID column provides the information you need in order to track a specific thread through 
one or more POA log files, as described in “Viewing and Searching POA Log Files” on page 544. 


Checking the POA Operating System Environment 


On the POA Web console menu, click Environment to display information about the operating system 
where the POA is running. 


On a Linux server, the following information is displayed: 


GroupWise 2012 POA - Development.Provo1 
Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Server Configuration 


Server jbd-oes 

OS Revision Linux Release 2.6.16.60-0.54.5-default 

OES Version Novell Open Enterprise Server 2.0.3 (x86 64) 
Main Thread Process ID 18431 

Build Dates 

GroupWise Agent Build Version  12.0.0-98196 

GroupWise Agent Build Date 11-26-11 


GroupWise Resource Build Date 11-11-11 


On a Windows server, the following information is displayed: 


GroupWise 2012 POA- Sales.Provo2 
Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


OS Data 

Windows Version 6.1 (Build 7601 )Service Pack 1 

Process ID 2728 

Build Dates 

GroupWise Agent Build Version 12.0.0-98210 
GroupWise Agent Build Date 11-29-11 
GroupWise Engine Build Date 11-29-11 
GroupWise Resource Build Date 11-29-11 


Viewing and Searching POA Log Files 
On the POA Web console menu, click Log Files to display and search POA log files. 


GroupWise 2012 POA- Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 
View Event Log Setings 


Event Log Filter 


Events containing 


Event logs: O Select all 
1101poa 001 11-02-11 00:00:01 0008189 
1102poa 001 11-02-11 20:09:44 0009951 
1107poa.001 11-07-11 15:17:28 0010051 
1107 poa.002 11-07-11 15:17:43 0009966 
1107paa.003 11-08-11 000001 0008718 
110Bpaa.001 11-09-11 00:00:01 0008711 
1109paa.001 11-10-11 00:00:01 0008268 
1110paa 001 11-11-11 00:00:01 0008268 
1111poa.001 11-12-11 00:00:01 0008269 
1112poa.001 11-13-11 00:00:01 0008269 
1113poa.001 11-14-11 00:00:01 0008269 
1114poa.001 11-15-11 00:00:01 0008269 
1115poa 001 11-16-11 000001 0008269 
1116p0s 001 11-17-11 00:00:01 0008270 
1117poa.001 11-17-11 12:52:22 0006623 v| 


View Events Cycle Log 


To view a particular log file, select the log file, then click View Events. 


To search all log files for a particular string, type the string in the Events Containing field, select Select 
All, then click View Events. You can also manually select multiple log files to search. 
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The results of the search are displayed on a separate page that can be printed. 


Listing POA Scheduled Events 


On the POA Web console menu, click Scheduled Events to view currently scheduled events and their 
status information. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


GroupWise POA Scheduled Events 

DiskCheck 

Event Current Status Idle 

Event Next Start Time 12/01/2011 17:49:02 
Event Schedule Interval 5 mins 


# of Concurrent Events Allowed 


QuickFinder Indexing 


Event Current Status Idle 

Event Next Start Time 12/01/2011 20:00:00 
Event Schedule Interval 24 hour(s) 

# of Concurrent Events Allowed 1 


Remote Downloadable Address Book Generation 


Event Current Status Idle 

Event Next Start Time 12/02/2011 00:00:30 
Event Schedule Interval 1 day(s) 

# of Concurrent Events Allowed 1 


Nightly User DB Upkeep (Phase 1) 


Event Current Status Idle 

Event Next Start Time 12/02/2011 00:00:30 
Event Schedule Interval 1 day(s) 

# of Concurrent Events Allowed 1 


QuickFinder indexing and remote downloadable Address Book generation can be controlled using 
links from the Configuration page, if the POA Web console is password protected as described in 
Section 37.2.1, “Setting Up the POA Web Console,” on page 540. The Configuration page also 
displays information about disk check events and database maintenance events. However, scheduled 
events must be created and modified using ConsoleOne. 


Checking Link Status to the MTA 


On the POA Web console menu, click MTP Status to view status information about the link between 
the POA for the post office and MTA for the domain. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Send Receive 
Current Status Open Open 
Last Closed 
Last Opened 11-28-11 19:18:58 11-28-11 19:18:58 


Last Closure Reason 


Directory Paths and TCP/IP addresses 


Outbound TCP/IP 17215717:7100 
Inbound TCP/IP 172.15.7.17:7101 
Hold /gwsystem/dev/wpcsin 


Message Transfer Statistics 
Written 7 
Read 20 


If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, the Outbound TCP/IP link displays the MTA Web console where you can 
get status information about the MTA. The Hold link displays the contents of the MTA input queue, 
so you can find out if messages are waiting for processing by the MTA. 
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Taking Performance Snapshots 


To help you assess the efficiency of the POA, you can configure the POA to gather statistics about 
CPU utilization, disk reads and writes, thread usage, message processing, and so on. 


1 Make sure that the POA Web console is password protected, as described in Section 37.2.1, 


“Setting Up the POA Web Console,” on page 540. 
In the POA Web console, on the Configuration page, click Performance Snapshots under the 
Performance Settings heading. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Performance Snapshots 


Start O 
Submit Reset 


Select Start, then click Submit. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Performance Snapshots 


Stop O 

Write Data to File Interval 6 v |mins 

Begin Time 12/01/2011 17:55:06 

Submit Reset 

pes Epu [Disk Disk sa Pea is [cache |App [Phys Rose kis kis Msg User 
Util% |Read(KB) Writen(KB) ount Count [User [User (Conn [Conn [Thra [Req |Pending |Processed |Delivered 

17:59:06/0 (0 [0 6 0 1 0 2 h p k fo 0 o | 

17:58:06/1 [0 [0 2 [0 1 0 2 0 0 0p [0 [0 | 

1757065 |0 [0 2 [0 1 | 2 0 0 (0 jo o [0 | 

(17:56:06 5 178 o 8 (0 1 0 2 0 0 0p [0 [0 | 


The POA takes a snapshot every 60 seconds. 


4 Refresh your browser window to display data as it is collected. 


5 Specify the interval at which you want to write data to a file on disk for permanent storage. 


Performance data is saved to the mmddsnap . nnn file, where mmdd represents the current month 
and date and nnn starts with 001 and increments each time you enable performance snapshots to 
start gathering data. The performance data file is stored in the post_office\oftemp directory in 
comma-separated value (CSV) format, so that you can bring the data into a spreadsheet program 
for analysis. 


When you have gathered sufficient performance data, select Stop, then click Submit. 


Because gathering performance data uses POA resources, you should turn the feature off when 
you have gathered sufficient data. It is turned off automatically when you restart the POA. 


When you are finished using performance data files, delete them to conserve disk space. 


The POA does not automatically clean up old performance data files. 
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Monitoring SOAP Events 


To help you work with third-party listener applications such as the Data Synchronizer Connector for 
GroupWise, the POA Web console lists SOAP notifications and SOAP events so that you can monitor 
the SOAP event traffic through the POA. These options are available if the POA Web console is 

password protected, as described in Section 37.2.1, “Setting Up the POA Web Console,” on page 540. 


+ “Listing SOAP Notifications” on page 547 
+ “Listing SOAP Event Configurations” on page 548 
Listing SOAP Notifications 


The SOAP Notification List page shows the third-party listener applications that are notified by the 
POA when SOAP events occur. 


1 On the Configuration page, click SOAP Notification List. 
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Status | Configuration | Environment, | Log Files | Scheduled Events | MTP Status | Help 


SOAP Notification List 
UserlD Key IP Address Port |Date/Time 
5 Te E x $ 06/11/2012 
gsmith default.pipelinel.groupwise_MobilityPackTrustedAppKey_gsmith http://172.15.6221/ |4500 00:00:30 
06/13/2012 
mpalu default.pipelinel groupwise_MobilityPackTrustedAppKey_mpalu http://172.15.6.221/ [4500 00:00:30 


The columns provide the following information: 
User: Displays the name of the GroupWise user that is performing the event. 


Key: Displays the ID of the event configuration created by the third-party application. The event 
configuration describes the events that are being tracked for the user, such as creation, deletion, 
or modification of records. 


IP Address: Displays the IP address of the POA where the event took place. 


Port: Displays the port number used for communication between the POA and the listener 
application. 


Date/Time: Displays the date and time when the event took place. An asterisk (*) after the date 
and time indicates that the user has pending notifications. After the notifications have been sent, 
the asterisk is removed. 
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Listing SOAP Event Configurations 


The Event Configuration List page displays the event configurations that are registered to receive 
GroupWise events from the POA. An event configuration is listed when an external application such 
as the Novell Data Synchronizer Connector for GroupWise communicates with the POA and 
provides information about a specific type of event that it wants to receive. 


For example, the Data Synchronizer Connector for Mobility works through the GroupWise 
Connector to synchronize GroupWise data to mobile devices. Whenever a user connects a mobile 
device to GroupWise through the Mobility Connector, an event configuration is created for that user 
and his or her mobile device. If the user has multiple mobile devices, there is an event configuration 
for each of the user's mobile devices. 


1 On the Configuration page, click Event Configuration List. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


vent Configuration List 

UserID Key IP Address Port |Events 
gsmith default.pipelinel.groupwise MobilityPackTrustedAppKey gsmith http://172.15.6221/ |4500 |32 
mpalu default.pipelinel groupwise_MobilityPackTrustedåppKey_mpalu http://172.15.6.221/ |4500 |4 


The columns provide the following information: 
UserID: Displays the name of the GroupWise user associated with the event configuration. 


Key: Displays the ID of the event configuration created by the external application. For example, 
the GroupWise Connector uses a GroupWise trusted application key. 


IP Address: Displays the IP address of the external application that the POA notifies when 
events take place. 


Port: Displays the port number used for communication between the POA and the external 
application. 


Events: Displays the number of events that have transferred from the POA to the external 
application. 


2 To manage the event configuration for a specific user, click the user name. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


vent Configuration: 


UserlD gsmith 
Key default. pipeline 1. groupwise_MobilityPackTrustedAppK ey_gsmith 
Add to Notification List 


Show Events 
Delete Events 
Delete Event Configuration 


The Event Configuration page helps you manage an event configuration and the associated 
events that are stored in a user's database for an external application such as the Data 
Synchronizer Connector for GroupWise. 


3 Select Add to Notification List, then click Submit to cause the POA to notify the external 
application whenever a new GroupWise event needs to be picked up. 


4 Select Show Events, then click Submit to display the currently stored events for the event 
configuration. 
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If the list is long, the external application might not be running. 
5 Select Delete Events, then click Submit to delete any stored events for the event configuration. 


Use this option only when a backlog of events needs to be cleared, such as when a problem 


occurred with the external application. 


6 Click Delete Event Configuration, then click Submit to delete the displayed event configuration. 


Use this option when the POA no longer needs to send events for the user associated with the 
event configuration. For example, if there was a problem removing a user from the GroupWise 
Connector, use this option to remove any residual events associated with the user. 


Controlling the POA from the POA Web Console 


At the POA Web console, you can change some POA configuration settings for the current POA 
session. You can also stop and start some specific POA threads. 


IMPORTANT: In order to control the POA from the POA Web console, you must set up 


authentication for the POA Web console, as described in Section 37.2.1, “Setting Up the POA Web 
Console,” on page 540. 


+ “Changing POA Configuration Settings” on page 549 
+ “Controlling the POA Admin Thread” on page 550 
+ “Controlling the POA MTP Threads” on page 550 


+ “Disconnecting a User Session from the POA” on page 551 


Changing POA Configuration Settings 


On the POA Web console menu, click Configuration. Online help on the Configuration page helps you 


interpret the configuration information being displayed. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


GroupWise POA Configuration Settings 


General Settings: 

Post Office Directory 

Post Office Access Mode: 

Post Office Configuration Instance 
Post Office Language: 

Database Version 

Intemet Domain Name 

Read Configuration from Database 
Error Mail to Administrator: 

IPV6 Protocol 

IP Address Redirection Table 
QuickFinder Indexing: 


QuickFinder Document Converter Agent: 
QuickFinder Indexing Base Offset (hours from Midnight): 


QuickFinder Indexing Interval: 


Quarantine Files That Fail in Document Conversion 
Simple Network Management Protocol (SNMP) 


Admin Task Processing 
Intruder Detection: 


Incorrect Login Attempts before Lockout 


Login Attempt Reset Interval 
Intruder Lockout Reset Interval 
GWCheck Processing: 


Post Office Security Requires Password 


LDAP Authentication 
Move User (live) via TCP/IP 
Startup File 


/gwsystem/dev 
Client/Server Only 

poa 

en 

12 
yourcompanyname.com 
Yes 


20 Hours 0 Mins (Default) 
24 Hours 0 Mins (Default) 
Disabled 

Disabled 

Yes 

Enabled 

5 

30 mins 


Enabled 
Enabled 
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If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, you can click hyperlinked configuration items to change settings for the 
current agent session. The settings that can be modified are much the same as those that can be 
changed at the POA server console, as described in Section 37.1.2, “Controlling the POA from the 
POA Server Console,” on page 529. 


Controlling the POA Admin Thread 


On the Configuration page, click Admin Task Processing. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 
Admin Task Status 


Admin Messages 


Completed 14 

Errors 0 

In Queue 0 

Send Admin Mail Y 

Admin Database 

Status Normal 

DB Sort Language EN 

Recovery Count 0 

Automatic Recovery nd 

Perform DB Recovery 

Admin Thread 

Status Running 

Suspend O 

Resume O 
Submit Reset 


Modify the functioning of the POA admin thread as needed, then click Submit. The changes remain in 
effect for the current POA session. 


Controlling the POA MTP Threads 


On the Configuration page, click Message Transfer Protocol. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Message Transfer Protocol Settings 


Outbound TCP/IP 


Address 17215717 
Port 7100 
Inbound TCP/IP 
Address 17215717 
Port 7101 
Maximum File Transfer Send [o 
Size 2 pe 
Restart MTP O 

Submit Reset 


On this page, you can restart MTA processing between the POA and the MTA. On the MTP status 
page, you can restart the send and receive threads separately. 
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Disconnecting a User Session from the POA 


In Online mode, the GroupWise Windows client establishes an active session with the POA. If you 
disable a user, as described in Section 14.9, “Disabling and Enabling GroupWise Accounts,” on 

page 254 while the user is logged in, it does not terminate the user's live session with the POA. 
Instead of needing to restart the POA to terminate the user's live session, you can disconnect the user 
in the POA Web console after disabling the user in ConsoleOne. 


On the Status page in the POA Web console, click C/S Users, then click Disconnect User for the user 
that you have already disabled in ConsoleOne. 
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Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 
GroupWise POA Current Users 

GroupWise User ID 

eDirectory Login Name 


User IP Address fff-177.15.4.80 

Login Time 11/28/2011 19:20:08 
User Platform Windows 

GroupWise Client Release 12.0.0.0.9 11-23-2011 


Disconnect User 


IMPORTANT: When you disable the user in ConsoleOne, the POA must receive the disable event 
and process it before the user can be disconnected in the POA Web console. If you are running the 
POA server console, you can see the disable event occur in the Log Message box. When you click 
Disconnect User successfully, the user is no longer listed in the POA Web console. If the user does not 
disappear from the list after you click Disconnect User, wait for the POA to process the disable event, 
then click Disconnect User again. A disconnected user receives an error message stating that 
GroupWise will exit. 


Using POA Log Files 


Error messages and other information about POA functioning are written to log files as well as 
displaying on the POA server console. Log files can provide a wealth of information for resolving 
problems with POA functioning or message flow. This section covers the following subjects to help 
you get the most from POA log files: 


+ Section 37.3.1, “Locating POA Log Files,” on page 551 

+ Section 37.3.2, “Configuring POA Log Settings and Switches,” on page 552 
+ Section 37.3.3, “Viewing POA Log Files,” on page 552 

+ Section 37.3.4, “Interpreting POA Log File Information,” on page 552 


Locating POA Log Files 
The default location of the POA log files varies by platform: 


Linux: /var/log/novell/groupwise/post office name.poa 


Windows: post office\wpcsout\ofs 


You can change the location where the POA creates its log files, as described in Configuring POA Log 
Settings and Switches. 
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Configuring POA Log Settings and Switches 


The following aspects of logging are configurable: 


+ Log File Path (--log) 
+ Disk Logging (--logdiskoff) 
+ Logging Level (--loglevel) 
+ Maximum Log File Age (--logdays) 
+ Maximum Log File Size (--logmax) 
You can configure the log settings in the following ways: 
+ Using ConsoleOne to establish defaults (see Section 36.1.8, “Adjusting the POA Logging Level 
and Other Log Settings,” on page 493) 


+ Using startup switches to override ConsoleOne settings (see Section 40, “Using POA Startup 
Switches,” on page 581) 


+ Using the POA server console to override log settings for the current POA session (see 
“Adjusting POA Log Settings” on page 538) 


+ Using the POA Web console to override other settings for the current POA session (see 
Section 37.2.4, “Controlling the POA from the POA Web Console,” on page 549) 


Viewing POA Log Files 


You can view the contents of the POA log file from the POA server console and POA Web console. 
See the tasks presented in Section 37.1.1, “Monitoring the POA from the POA Server Console,” on 
page 525: 


+ “Browsing the Current POA Log File” on page 537 

+ “Viewing a Selected POA Log File” on page 537 

+ “Cycling the POA Log File” on page 538 

+ “Viewing and Searching POA Log Files” on page 544 


On Linux, you can use the tail command to monitor a file named poa. current log, where poa is the 
name of the POA eDirectory object. This file is a symbolic link to the current POA log file, so that you 
do not need to keep track of the exact POA log file name, which includes the log file creation date and 
an incrementing extension for multiple log files created on the same date. 


Interpreting POA Log File Information 


On startup, the POA records the POA settings currently in effect. Thereafter, it logs events that take 
place, including errors. To look up error messages that appear in POA log files, see “Post Office 
Agent Error Messages” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 


Because the POA consists of multiple threads, you might find it useful to retrieve the log file into an 
editor and sort it on the thread ID that follows the date and time information. Sorting groups all 
messages together for the same POA thread. You can also use the search capability of the POA Web 
console to gather information about a specific POA thread. See “Viewing and Searching POA Log 
Files” on page 544. 
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37.6.1 


Using GroupWise Monitor 


GroupWise Monitor is a monitoring and management tool that allows you to monitor GroupWise 
agents and gateways from any location where you are connected to the Internet and have access to a 
Web browser. The POA Web console can be accessed from GroupWise Monitor, enabling you to 
monitor all POAs in your GroupWise system from one convenient location. In addition, GroupWise 
Monitor can notify you when agent problems arise. 


GroupWise» Monitor 
Proble = s 
BSA 3 ZAAR B Novell 


Monitored agents for “Corporate.OES Agents" group | 


~ ® © corporate 


® OES Agents Total: 3 Displayed: 1-3 
Windows Agents Refresh [ Hide Subgroup Agent ][ Problem ][ Suspend ][ Resume ][ Move ][ Options |[ Thresholds |[ Help 
SLES Agents = 
Name Status Status Duration Up Time Type Version Platform 
Create @) Provo1 Normal 1d3h11m 1d3h8m MTA 12.0.0 (11/16/2011) Linux 
Lelie @) DevelopmentProvo1 Normal 1d3h11m 1d3h8m POA 12.0.0 (11/16/2011) Linux 
Move 
@) GWIA.Provo1 Normal 1d3h11m 1d3h8m GWIA 12.0.0 (11/16/2011) Linux 


For installation and setup instructions, see “Installing GroupWise Monitor” in the GroupWise 2012 
Installation Guide. For usage instructions, see Part XV, “Monitor,” on page 939. 


Using Novell Remote Manager 


If the POA is running on Novell Open Enterprise Server (OES), you can use Novell Remote Manager 
to monitor the POA. For more information, see the Novell Remote Manager for Linux Administration 
Guide for your version of OES Linux (http://www.novell.com/documentation/oes.html). 


Using an SNMP Management Console 


You can monitor the POA from SNMP management and monitoring programs. When properly 
configured, the POA sends SNMP traps to network management consoles for display along with 
other SNMP monitored programs. 


Although the POA is SNMP-enabled by default, the server where the POA is installed must be 
properly configured to support SNMP, and the POA object in eDirectory must also be properly 
configured. To set up SNMP services for your server, complete the following tasks: 


+ Section 37.6.1, “Setting Up SNMP Services for the POA,” on page 553 
+ Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 555 
+ Section 37.6.3, “Configuring the POA for SNMP Monitoring,” on page 556 


Setting Up SNMP Services for the POA 


Select the instructions for the platform where the POA runs: 


¢ “Linux: Setting Up SNMP Services for the POA” on page 554 
+ “Windows: Setting Up SNMP Services for the POA” on page 554 
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Linux: Setting Up SNMP Services for the POA 


The Linux POA is compatible with NET-SNMP. An older version of SNMP called UCD-SNMP cannot 
be used with the Linux POA. NET-SNMP comes with OES Linux, but it does not come with SLES. If 
you are using SLES, you must update to NET-SNMP in order to use SNMP to monitor the Linux 
POA. 
1 Make sure you are logged in as root. 
2 If NET-SNMP is not already set up on your Linux server, use the following command to 
configure SNMP: 
snmpconf -g basic setup 
The snmpconf command creates the snmpd. conf file in one of the following directories, 


depending on your version of Linux: 


/usr/share/snmp 
/usr/local/share/snmp 
~/.snmp 


3 Locate the snmpd. conf file on your Linux server. 

4 Ina text editor, open the snmpd.conf file and add the following line: 
dlmod Gwsnmp /opt/novell/groupwise/agents/lib/libgwsnmp.so 

5 Save the snmpd. conf file and exit the text editor. 


6 Restartthe SNMP daemon (snmpd) to put the changes into effect. 


IMPORTANT: Make sure that the SNMP daemon always starts before the POA starts. 


7 Skip to Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 555. 


Windows: Setting Up SNMP Services for the POA 


SNMP support is provided for up to eight Windows POAs on the same Windows server. Upon 
startup, each instance of the POA is dynamically assigned a row in its SNMP table. View the contents 
of the POA MIB for a description of the SNMP variables in the table. See Section 37.6.2, “Copying and 
Compiling the POA MIB File,” on page 555 for more information about MIB files. 


On Windows Server 2008, the SNMP Service is usually not included during the initial operating 
system installation. The SNMP Service can be easily added at any time. To add or configure the 
SNMP Service, you must be logged in as a member of the Administrator group. 


To set up SNMP services for the Windows POA, complete the following tasks: 


¢ “Installing SNMP Support on Windows Server 2008” on page 554 
¢ “Installing SNMP Support on Windows Server 2003” on page 555 
+ “Installing Group Wise Agent SNMP Support” on page 555 


Installing SNMP Support on Windows Server 2008 


1 Inthe Control Panel, click Programs and Features. 

2 Click Turn Windows features on or offto open the Server Manager. 

3 Click Features > Add Features. 

4 Inthe Features list, expand SNMP Services, then select SNMP Service. 
5 Click Next, then click Install. 
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6 When the installation is finished, click Close, then exit the Server Manager. 
7 Skip to Installing GroupWise Agent SNMP Support. 


Installing SNMP Support on Windows Server 2003 


1 Click Start > Control Panel > Add or Remove Programs. 

2 Click Add/Remove Windows Components. 

3 Select Management and Monitoring Tools. 

4 Click Details, then select Simple Network Management Protocol. 
5 Follow the on-screen instructions to install the SNMP Service. 


6 Continue with Installing GroupWise Agent SNMP Support. 


Installing GroupWise Agent SNMP Support 


The GroupWise Agent Installation program includes an option for installing SNMP support. 
However, if the server where you installed the agents did not yet have SNMP set up, that installation 
option was not available. Now that you have set up SNMP, you can install GroupWise agent SNMP 
support. 


At the Windows server where you want to install the GroupWise agent SNMP support: 


1 Run setup.exe at the root of the downloaded GroupWise 2012 software image. 


2 Click Install GroupWise System, click Yes to accept the License Agreement, then click Next to 
perform a standard installation. 


3 Select Install individual components, deselect GroupWise Administration, then click Next. 


4 On the Installation Path page, browse to and select the path where the agent software is 
installed, then select Install and Configure SNMP for GroupWise Agents. 


5 Continue through the rest of the installation process as prompted by the Agent Installation 
program. 
The Agent Installation program copies the SNMP support files to the agent installation directory, 
makes the appropriate Windows registry entries, and restarts the Windows SNMP service. 


6 Continue with Copying and Compiling the POA MIB File. 


Copying and Compiling the POA MIB File 


An SNMP-enabled POA returns information contained in a Management Information Base (MIB). 
The MIB is an ASCII data structure that defines the information gathered. It also defines the 
properties that can be monitored and managed on the SNMP-enabled POA. 


Before you can monitor an SNMP-enabled POA, you must compile the gwpoa . mib file using your 
SNMP management program. GroupWise agent MIB files are located in the /agents/snmpmibs 
directory of your GroupWise software distribution directory or the downloaded GroupWise 2012 
software image. 
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The MIB file contains all the Trap, Set, and Get variables used for communication between the POA 
and management console. The Trap variables provide warnings that point to current and potential 
problems. The Set variables allow you to configure portions of the application while it is still running. 
The Get variables display the current status of different processes of the application. 


1 Copythe gwpoa.mibfile to the location reguired by your SNMP management program. 


2 Compile or import the gwpoa .mib file as reguired by your SNMP management program. 
3 Continue with Configuring the POA for SNMP Monitoring. 


Configuring the POA for SNMP Monitoring 


In order for SNMP monitoring programs to monitor the POA, the POA must be configured with a 
network address and SNMP community string. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 


3 Clickthe pencil icon to provide the TCP/IP address of the server where the POA runs, then click 
Apply. 
4 Click GroupWise > Agent Settings, then scroll to the bottom of the settings list. 


5 Provide your system SNMP community GET string, then click OK. 


6 Configure the SNMP Service with the same community GET string: 


Ga 
6b 
6c 
6d 
6e 

6f 


On the Windows desktop, click Start > Administrator Tools > Services. 

Right-click SNMP Service, then click Properties. 

Click Security, then click Add in the Accepted community names list. 

In the Community Name field, specify your system SNMP community GET string. 
In the Community Rights drop-down list, select READ WRITE. 


Click Add to add the community string to the list, then click OK to close the SNMP 
Properties page. 


7 Restart the POA. 
The POA should now be visible to your SNMP monitoring program. 
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If you want to be notified with an email message whenever POAs encounter critical errors, you can 
designate yourself as an administrator of the domain where the post offices are located. 


1 In ConsoleOne, browse to and right-click the Domain object, then click Properties to display the 


Identification page. 


Properties of Provoi 


‘GroupWise + || NDS Rights + | Other | Rights to Files and Folders 


een 


Domain: 


Description: 


UNC Path: 
Language: 
Domain Type: 
Time Zone: 


Database Version: 


Administrator: 


Page Options... 


Provot 


{\\JBD-GW'\mail\gwsystem\provol 


English - US 


Primary 


(GMT-07:00) Mountain Time (US & Canada) 


View Client Options 


2 Inthe Administrator field, browse to and select your GroupWise user ID. 


A domain can have a single administrator, or you can create a group of users to function as 


administrators. 


3 Click OK to save the administrator information. 


The selected user or group then begins receiving email messages whenever POAs servicing post 


offices in the domain encounter critical errors. 


Corresponding Startup Switches: By default, the POA generates error mail if an administrator has 
been assigned for the domain. Error mail can be turned off using the --noerrormail switch in the POA 


startup file. 


POA Web Console: Another way to receive email notification of POA problems is to use GroupWise 
Monitor to access the POA Web console. See Section 69.5.1, “Configuring Email Notification,” on 


page 957. 


Using the POA Error Message Documentation 


POA error messages are documented with the source and explanation of the error, possible causes of 
the error, and actions to take to resolve the error. See “Post Office Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 
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37.9 Employing POA Troubleshooting Techniques 


If you are having a problem with the POA but are not receiving a specific error message, or if the 
suggested actions for the specific error did not resolve the problem, you can review more general 
troubleshooting strategies for dealing with POA problems. See “Strategies for Agent Problems” in 
GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


37.10 Using Platform-Specific POA Monitoring Tools 


Each supported operating system for the GroupWise POA provides tools for monitoring programs. 


Linux: You can use SNMP tools like snmpget and snmpwalk that allow you to retrieve the data about all 
the services registered with the SNMP service. These tools are part of the NET-SNMP package. 
See your Linux documentation for additional monitoring suggestions. 


Windows: You can use the Performance Monitor in Windows Administrator Tools to gather similar 
information. See your Windows documentation for additional monitoring suggestions. 
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Optimizing the POA 


You can adjust how the POA functions to optimize its performance. Before attempting optimization, 
you should run the POA long enough to observe its efficiency and its impact on other network 
applications running on the same server. See Chapter 37, “Monitoring the POA,” on page 525. 


Also, remember that optimizing your network hardware and operating system can make a difference 
in POA performance. 


The following topics help you optimize the POA: 


+ Section 38.1, “Optimizing Client/Server Processing,” on page 559 
+ Section 38.2, “Optimizing Message File Processing,” on page 564 
+ Section 38.3, “Optimizing Thread Management,” on page 566 

+ Section 38.4, “Optimizing Database Maintenance,” on page 567 

+ Section 38.5, “Optimizing Client Purge Operations,” on page 570 
+ Section 38.6, “Optimizing Calendar Publishing,” on page 571 


Optimizing Client/Server Processing 


If you run only one POA for the post office, you can adjust the number of POA threads and 
connections for client/server processing. If client/server processing needs are extremely heavy for a 
post office, you can set up a dedicated client/server POA to meet those needs. 


+ Section 38.1.1, “Adjusting the Number of POA Threads for Client/Server Processing,” on 
page 559 


+ Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on page 561 
+ Section 38.1.3, “Configuring a Dedicated Client/Server POA (Windows Only),” on page 562 


Adjusting the Number of POA Threads for Client/Server Processing 


If the POA is configured with client/server processing enabled, it starts client/server handler threads 
to respond to current client/server requests, up to the number of threads specified by the Client/Server 
Handler Threads option. To respond to occasional heavy loads, the POA can increase the number of 
client/server handler threads above the specified amount if CPU utilization is below the threshold 
established by the CPU Utilization setting. When the POA rereads its configuration information, the 
number of client/server handler threads drops back within the configured limit. You can determine 
how often this happens by checking the Client/Server Pending Requests History page at the POA 
Web console. 


If the POA is frequently not keeping up with the client/server requests from GroupWise client users, 
you can increase the maximum number of client/server handler threads so the POA can create 
additional threads as needed. The default is 10 client/server handler threads; valid values range from 
1 to 99. 
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If GroupWise client users cannot connect to the POA immediately or if response is sluggish, you can 
increase the number of threads. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders 


Agent Settings 


Message File Processing: [All 


Message Handler Threads: | 6 E 


w) Enable Client/Server 

Client/Server Handler Threads: [ 10 18 
Max Physical Connections: [ 2048 E 
Max App Connections: [ 20488) 


vV] Enable Caching 

PU Utilization (NetWare); [ 458 percent 
Delay Time (NetWare): | 100| E milliseconds 
Max Thread Usage for Priming and Moves: [ = 30 E percent 


Enable IMAP 


Max IMAP Threads: 
Enable SOAP 
Max SOAP Threads: 


Enable Calendar Publishing 


Max Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Increase the number in the Client/Server Handler Threads field to increase the maximum number 
of threads the POA can create for client/server processing. 


The optimum number of threads for a POA is affected by many factors, including available 
system resources, number of users in Caching mode, number of users priming Caching 
mailboxes, and so on. 

Plan on at least one client/server handler thread per 20-30 client/server users. Or, you can 
increase the number of client/server handler threads in increments of three to five threads until 
acceptable throughput is reached. Another approach is to set the value high initially and then 
monitor thread usage with the C/S Handler Threads link on the Status page of the POA Web 
console. If some of the threads always have a count of 0 (zero), meaning they are never used, you 
can decrease the number of client/server handler threads accordingly. 


4 Click OK to save the new thread setting. 
ConsoleOne then notifies the POA to restart so the new thread setting can be put into effect. 


Corresponding Startup Switches: You can also use the --tcpthreads switch in the POA startup file to 
adjust the number of POA client/server handler threads. 


POA Web Console: The Status page helps you assess whether the POA is currently meeting the 
client/server needs of the post office. Under the Thread Status heading, click C/S Handler Threads to 
display the workload and status of the client/server handler threads. 


If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, you can change the number of client/server handler threads on the 
Configuration page. Under Performance Settings, click C/S Handler Threads. 
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38.1.2 Adjusting the Number of Connections for Client/Server Processing 


Connections are the number of “sockets” through which client/server reguests are communicated 
from the GroupWise client to the POA. 


+ Application connections: Each GroupWise user uses one application connection when he or 
she starts GroupWise. Depending on what activities the user is doing in the GroupWise client, 
additional application connections are used. For example, the GroupWise Address Book and 
GroupWise Notify use individual application connections. The default maximum number of 
application connections is 2048. You should plan about 3 to 4 application connections per user, 
so the default is appropriate for a post office of about 500 users. 


* Physical connections: Each GroupWise user could have zero or multiple active physical 
connections. One physical connection can accommodate multiple application connections. 
Inactive physical connections periodically time out and are then closed by the clients and the 
POA. The default maximum number of physical connections is 2048. You should plan about 1 to 
2 physical connections per user, so the default is appropriate for a post office of about 500 users. 


If the POA is configured with too few connections to accommodate the number of users in the post 


office, the POA can encounter an error condition such as “GWPOA: Application connection table 
full”. 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 
Properties of POA 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
Agent Settings 


Message File Processing: 


Message Handler Threads: 


v] Enable Client/Server 


Client/Server Handler Threads: 
Max Physical Connections: 


Max App Connections: 


vV] Enable Caching 


PU Utilization (NetWare); | rs percent 


Delay Time (NetWare); 1 = milliseconds 


Max Thread Usage for Priming and Moves: | 30 percent 
[C] Enable IMAP 

Max IMAP Threads: 

Enable SOAP 

Max SOAP Threads: 


Enable Calendar Publishing 


Max Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Increase the number in the Max Physical Connections field to increase the amount of TCP/IP 
traffic the POA can accommodate. 


4 Increase the number in the Max App Connections field to increase the number of activities the 
attached users can perform concurrently. 


5 Click OK to save the new connection settings. 
ConsoleOne then notifies the POA to restart so the new connection settings can be put into 
effect. 


Corresponding Startup Switches: You can also use the --maxappconns and --maxphysconns 
switches in the POA startup file to adjust the POA client/server processing. 
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POA Web Console: The Status page helps you assess whether the POA is currently meeting the 
client/server needs of the post office. Under the Statistics heading, click C/S Requests Pending. You can 
also manually select multiple log files to search in order to display a history of times during the last 
24 hours when the POA was unable to respond immediately to client/server reguests. 


Configuring a Dedicated Client/Server POA (Windows Only) 


NOTE: The powerful multi-threaded processing capabilities of Linux make multiple POAs 
unnecessary on that operating system. 


When GroupWise users access the post office in client/server mode, the responsiveness of the 
GroupWise client depends entirely on the ability of the POA to handle the load placed upon it by the 
users. When you configure a dedicated client/server POA, GroupWise client users do not compete 
with other POA activities. 


Because many POA functions are disabled when a POA is dedicated to client/server processing, you 
must run at least one other POA for the post office to take care of the POA functions that the 
dedicated client/server POA is not performing. This additional POA could be a multipurpose POA, 
or you could configure additional POAs dedicated to specific types of processing. 


To configure a dedicated client/server POA: 
1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 482. 
2 Right-click the new POA object, then click Properties. 
3 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


GroupWise + | NDS Rights v | Other | Rights to Files and Folders: 
Agent Settings 


Message File Processing: v 


Message Handler Threads: 


V] Enable Client/Server 


Client/Server Handler Threads: 
Max Physical Connections: 


Max App Connections: 


V] Enable Caching 


PU Utilization (NetWare): 
Delay Time (NetWare): 


percent 


AD) (ab) 


milliseconds 


| | 


Max Thread Usage For Priming and Moves: 
Enable IMAP 


percent 


a 


Max IMAP Threads: 


Enable SOAP 


Max SOAP Threads: 


Enable Calendar Publishing 


lax Calendar Publishing Threads: 


V] Disable Administration Task Processing 


Enable SNMP 


(JE ME 


4 Make sure Enable Client/Server is selected. 


5 Increase the number in the Client/Server Handler Threads field as needed to increase the 
maximum number of threads the POA can create. 


The optimum number of threads for a POA is affected by many factors, including available 
system resources, number of users in Caching mode, number of users priming Caching 
mailboxes, and so on. 
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Plan on at least one client/server handler thread per 20-30 client/server users. Or, you can 
increase the number of client/server handler threads in increments of three to five threads until 
acceptable throughput is reached. Another approach is to set the value high initially and then 
monitor thread usage with the C/S Handler Threads link on the Status page of the POA Web 
console. If some of the threads always have a count of 0 (zero), meaning they are never used, you 
can decrease the number of client/server handler threads accordingly. 


Increase the number in the Max Physical Connections field as needed to increase the amount of 
TCP/IP traffic the POA can accommodate. 


Plan on one to two physical connections per user in the post office. 


Increase the number in the Max App Connections field as needed to increase the number of 
activities the attached users can perform concurrently. 


Plan on three to four application connections per user in the post office. 


8 Set Message File Processing to Off. Make sure another POA handles message file processing. 


9 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 


10 


19 


20 


21 


Make sure that another POA handles administration tasks. 

Click Apply to save the updated information on the Agent Settings page. 

Click GroupWise > QuickFinder. 

Deselect Enable QuickFinder Indexing, then click Apply. Make sure another POA handles 
indexing. 

Click GroupWise > Maintenance. 

Deselect Enable Automatic Database Recovery. Make sure another POA handles database recovery. 


Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure another 
POA handles these tasks. 


Click OK to save the new settings for dedicated client/server processing. 


Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


Add the --name switch to the POA startup file and specify the name designated when you 
created the new POA object. 


For the original POA: 


20a Add the --name switch to the original POA startup file to differentiate it from the new POA 
you have set up. 


20b Deselect Enable Client/Server for the original POA object. 


20c Restart the original POA, so that it no longer performs the client/server activities you have 
set up a dedicated POA to perform. 


Start the dedicated client/server POA. 


Corresponding Startup Switches: You can also use the --nomf, --noqf, --norecover, --nogwchk, 
--nonuu, and --nordab switches in the POA startup file to disable non-client/server processing, then 
use the --tcpthreads, --maxappconns, and --maxphysconns switches to adjust the POA client/server 
processing. 
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Optimizing Message File Processing 


If you run only one POA for the post office, you can adjust the number of POA threads for message 
file processing. If message file processing needs are extremely heavy for a post office, you can set up 
a dedicated message file processing POA to meet those needs. 


+ Section 38.2.1, “Adjusting the Number of POA Threads for Message File Processing,” on 
page 564 


+ Section 38.2.2, “Configuring a Dedicated Message File Processing POA (Windows Only),” on 
page 565 


Adjusting the Number of POA Threads for Message File Processing 


If the POA is configured for message file processing, it starts the number of threads specified by the 
Message Handler Threads option. Message handler threads deliver messages to users mailboxes. The 
default number of message handler threads is 6; valid values range from 1 to 20. The default value of 
6 is appropriate for a multipurpose POA. The maximum value of 20 is appropriate for a POA that has 
been customized to process only message files. 


The more message threads the POA uses, the faster it can process messages. However, the more 
threads the POA uses, the fewer resources are available to other processes running on the server. 


To adjust the number of POA message handler threads: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 
NDS Rights + | Other | Rights to Files and Folders 
Message File Processing: 


Message Handler Threads: 


vV] Enable Client/Server 


Client/Server Handler Threads: 
x Physical Connections: | 204 


x App Connections: 2048 


Enable Caching 

PU Utilization (NetWare): L 85 18 percent 

lay Time (NetWare): | 100 Ej milliseconds 
x Thread Usage for Priming and Moves: | 30 ia percent 


Enable IMAP 


x IMAP Threads: 


Enable SOAP 


x SOAP Threads: 


Enable Calendar Publishing 


x Calendar Publishing Threads: 


Disable Administration Task Processing 


Enable SNMP 


3 Increase the number in the Message Handler Threads field. 


For example, you could increase the number of threads in increments of three to five threads 
until acceptable throughput is reached. The optimum number of threads for a POA is affected 
by many factors, including available system resources. The more message handler threads the 
POA uses, the more incoming messages it can process simultaneously. However, the more 
threads the POA uses, the fewer threads are available to other processes running on the same 
server. 
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4 Click OK to save the new thread setting. 


ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 


Corresponding Startup Switches: You can also use the --threads switch in the POA startup file to 
adjust the number of message handler threads. 


POA Web Console: The Status page helps you assess whether the POA is currently meeting the 
message file processing needs of the post office. Under the Thread Status heading, click Message 
Worker Threads to display the workload and status of the message handler threads. 


If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, you can change the number of message handler threads on the 
Configuration page. Under Performance Settings, click Message Worker Threads. 


38.2.2 Configuring a Dedicated Message File Processing POA (Windows 
Only) 


NOTE: The powerful multi-threaded processing capabilities of Linux make multiple POAs 
unnecessary on that operating system. 


If client/server processing is being handled by a dedicated client/server POA, you can set up one or 
more other POAs to handle other POA functions such as message file processing. 


1 Create anew POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 482. 


2 Right-click the new POA object, then click Properties. 
3 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of POA 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
Agent Settings 


Message File Processing: all v 


Message Handler Threads: = 2018 


Enable Client/Server 

Client/Server Handler Threads: 10 Se 
Max Physical Connections: 204318) 
Max App Connections: | 2048 E 


Enable Caching 
CPU Utilization (NetWare): [ 85 Ei percent 
Delay Time (NetWare): 100 s milliseconds 


Max Thread Usage for Priming and Moves: | 30) E percent 
[C] Enable IMAP 


Max IMAP Threads: 


Enable SOAP 


x SOAP Threads: 


Enable Calendar Publishing 


[C Enable SNMP 


Ca Ce) E EA 


4 Set Message File Processing to the desired level for this message file processing POA. 


If you are using just one message file processing POA, set Message File Processing to All. 
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For additional load balancing, you could set up two message file processing POAs, one with 
Message File Processing set to High to promptly handle Busy Searches and reguests from Remote 
client users, and a second with Message File Processing set to Low to handle regular message 
delivery in the post office. 


Increase the number in the Message Handler Threads field as needed. 


You can configure as many as 20 message handler threads. The optimum number is affected by 
many factors, including available system resources. 


Deselect Enable Client/Server. Make sure another POA handles client/server processing. 


7 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 


Make sure that another POA handles administration tasks. 


Click Apply to save the updated information on the Agent Settings page. 


9 Click GroupWise > OuickFinder. 


17 


18 


19 


Deselect Enable OuickFinder Indexing, then click Apply. Make sure another POA handles 
indexing. 

Click GroupWise > Maintenance. 

Deselect Enable Automatic Database Recovery. Make sure another POA handles database recovery. 


Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure another 
POA handles these tasks. 


Click OK to save the new settings for dedicated message file processing. 


Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


Add the --name switch to the POA startup file and specify the name designated when the new 
POA object was created. 


For the original POA: 


18a Addthe --name switch to the original POA startup file to differentiate it from the new POA 
you have setup. 


18b Set Message File Processing to Off for the original POA object. 


18c Restartthe original POA, so thatitno longer performs the message file processing activities 
you have set up a dedicated POA to perform. 


Start the dedicated message file processing POA. 


Corresponding Startup Switches: You can also use the --notcpip, --nogf, --norecover, --nogwchk, 
--nonuu, and --nordab switches in the POA startup file to disable non-message file processing, then 
use the --nomfhigh and --nomflow switches in the POA startup file to adjust the POA message file 
processing. 


Optimizing Thread Management 


The availability of client/server threads affects a GroupWise user's experience in the GroupWise 
client. When the POA is working under a heavy load, users can experience degraded performance 
when sufficient client/server threads are not available. To maintain the best possible performance for 
GroupWise users, the POA automatically favors client/server processing over message handling. By 
default, under a heavy load, the POA automatically decreases the number of message handler 
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threads and increases the number of client/server threads to favor client connections while keeping 
the total number of threads constant. This behavior benefits users because they are more aware of 
client performance than they are of messages that they have not yet received. 


However, one result of this default behavior is that the message queues can back up during times of 
heavy client activity. If necessary, you can manually adjust the POAS ratio of client/server threads 
and message handler threads to help the POA clear out its message queues. 


1 Make sure that the POA Web console is password protected, as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540. 
2 Inthe POA Web console, click Configuration > Message Worker Threads. 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Message File Processing 


Message Worker Threads 6 iv 
Worker Yields to C/S Level iv 
Submit Reset 


3 Increase the number in the Worker Yields to C/S Level field to increase the amount of time that the 
POA waits before reallocating message worker threads as client/server threads. 


Increasing this setting configures the POA to continue processing message gueues rather than 
focusing on client/server processing. Valid values range from 0 (zero) to five. Select 0 to turn off 
the automatic thread adjustments. The settings of 1 through 5 represent increasing amounts of 
time, but not a specific number of seconds or minutes. 


4 Click Submit after changing the setting. 
The POA automatically restarts to put the new setting into effect. 


5 Experiment with the setting until you achieve a proper balance between client/server processing 
and message processing. 


Optimizing Database Maintenance 


If you run only one POA forthe post office, you can adjust the number of database maintenance 
threads. If database maintenance needs are extremely heavy for a post office, you can set up a 
dedicated database maintenance POA to meet those needs. 


+ Section 38.4.1, “Adjusting the Number of POA Threads for Database Maintenance,” on page 567 


+ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA (Windows Only),” on 
page 568 


Adjusting the Number of POA Threads for Database Maintenance 


The POA by default performs a certain amount of database maintenance. In addition, you can create 
your own customized maintenance events as described in Section 36.4.1, “Scheduling Database 
Maintenance,” on page 517 and Section 36.4.2, “Scheduling Disk Space Management,” on page 520. 


By default, the POA starts one thread to handle all POA scheduled events and also all usage of the 
Mailbox/Library Maintenance feature in ConsoleOne. 


To adjust the number of POA database maintenance handler threads: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
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2 Click GroupWise > Maintenance to display the Maintenance page. 


Properties of POA 
‘GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
Maintenance nutad 


[V Enable Automatic Database Recovery 
Maintenance Handler Threads: 
[V Perform User Upkeep 


Start User Upkeep: hours after midnight 


[V Generate Address Book for Remote 
Start Address Book Generation: hours after midnight 


Disk Check Interval: minutes 


Disk Check Delay: hours 


Page Options... | Cancel | 


3 Increase the numberin the Maintenance Handler Threads field. 
4 Click OK to save the new thread setting. 
ConsoleOne then notifies the POA to restart so the new setting can be put into effect. 


Corresponding Startup Switches: You can also use the --gwchkthreads switch in the POA startup 
file to increase the number of POA threads started for database maintenance activities. 


POA Web Console: The Status page helps you assess whether the POA is currently meeting the 
database maintenance needs of the post office. Under the Thread Status heading, click GWCheck 
Worker Threads to display the workload and status of the database maintenance handler threads. 


If the POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA 
Web Console,” on page 540, you can change the number of database maintenance handler threads on 
the Configuration page. Under Performance Settings, click Maximum GWCheck Worker Threads. 


Configuring a Dedicated Database Maintenance POA (Windows Only) 


NOTE: The powerful multi-threaded processing capabilities of Linux make multiple POAs 
unnecessary on that operating system. 


If a large amount of database maintenance needs to be performed for a post office, you can set up a 
dedicated database maintenance POA so that the database maintenance activities do not impact 
other POA activities, such as responding to GroupWise client users. 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 482. 


2 Right-click the new POA object, then click Properties. 
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Click GroupWise > Maintenance to display the Maintenance page. 


Properties of POA 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
Maintenance: 

IV Enable Automatic Database Recovery 
Maintenance Handler Threads: 


|” Perform User Upkeep 


Start User Upkeep: hours after midnight 


Start Address Book Generation: hours after midnight 
Disk Check Interval: minutes 


Disk Check Delay: hours 


Page Options... OK Cancel Apply Help 


4 Make sure Enable Automatic Database Recovery is selected. 


5 Set Maintenance Handler Threads as needed. 


The maximum number of threads you can start for database maintenance is 8. 


Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure another 
POA handles these tasks. 


Set Disk Check Interval and Disk Check Delay as appropriate for the database maintenance events 
you plan to schedule. 


8 Click Apply to save the updated information on the Maintenance page. 


9 Click GroupWise > Scheduled Events, then create database maintenance events as needed, as 


10 


described in Section 36.4.1, “Scheduling Database Maintenance,” on page 517 and Section 36.4.2, 
“Scheduling Disk Space Management,” on page 520. 


Click GroupWise > Agent Settings. 


Deselect Enable Client/Server and set Client/Server Handler Threads to 0. Make sure another POA 
handles client/server processing. 


Click Apply to save the updated information on the Agent Settings page. 

Click GroupWise > QuickFinder. 

Deselect Enable QuickFinder Indexing. Make sure another POA handles indexing. 
Click OK to save the new settings for dedicated database maintenance processing. 


Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


Add the --name switch to the POA startup file and specify the name designated when you 
created the new POA object. 
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18 Forthe original POA: 


18a Addthe --name switch to the original POA startup file to differentiate it from the new POA 
you have setup. 


18b Deselect Enable Automatic Database Recovery for the original POA object. 


18c Restart the original POA, so that it no longer performs the database maintenance activities 
you have set up a dedicated POA to perform. 


19 Start the dedicated database maintenance POA. 


Corresponding Startup Switches: You can also use the --nomf, --notcpip, --noqf, --nonuu, and 
--nordab switches in the POA startup file to disable unwanted processing, then use the 
--gwchkthreads switch to increase the number of database maintenance handler threads. 


Optimizing Client Purge Operations 


If enough users empty a very large number of items from their mailboxes all at once, the POA can 
become very busy purging the items, rather than responding to other user requests in a timely 
manner. Similarly, when many users log in to GroupWise at about the same time (for example, first 
thing in the morning), many clients might need to start an Auto-Archive task (which includes purge 
operations as part of the archive task), and this can also make the POA very busy until the purge 
operations are completed. 


By default, the POA is configured to efficiently handle a typical amount of purging. However, if the 
default configuration is unacceptably slow during periods of heavy purging, you can prevent users' 
client response time from degrading. You can configure the POA to restrict the amount of purging 
that can take place concurrently. 


1 Make sure that the POA Web console is password protected, as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540. 
2 Inthe POA Web console, click Configuration > Mass Purge Items Threshold. 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Mass Purge Operation Control 


Purge Items Threshold 10 + 


Max Concurrent Threads Limit 3[w 


Submit Reset 


The default settings are typically appropriate. 


3 (Conditional) If users are experiencing sluggish response time at the beginning of the day, 
increase the settings until satisfactory response time is achieved. 


Purge Items Threshold: Select the maximum number of items that the POA immediately purges 
from a mailbox. The default number of items to purge immediately is less than 10. Valid values 
range from 5 to 50. 


Max Concurrent Threads Limit: Select the maximum number of concurrent threads that the 
POA can start for purging batches of items that exceed the Mass Purge Items Threshold setting. 
The default number of concurrent threads for purging items is 3. Valid values range from 1 to 8. 


4 Click Submit after changing the setting. 


The POA automatically restarts to put the new setting into effect. 
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38.6 Optimizing Calendar Publishing 


See “Configuring a POA for Calendar Publishing” in “Installing the GroupWise Calendar Publishing 
Host” in the GroupWise 2012 Installation Guide. 
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39.1 


Managing Indexing of Attachment 
Content 


If you run only one POA forthe post office, you can adjust the indexing schedule. You can choose to 
have indexing performed by the POAS internal Document Converter Agent (DCA) or by the 
independent Document Viewer Agent (DVA). If indexing needs are extremely heavy for a post office, 
you can set up a dedicated indexing POA to meet those needs. 

+ Section 39.1, “Regulating Indexing,” on page 573 

+ Section 39.2, “Configuring the Document Converter Agent (DCA),” on page 575 

+ Section 39.3, “Enabling the Document Viewer Agent (DVA) for Indexing,” on page 576 

+ Section 39.4, “Controlling Maximum Document Conversion Size and Time,” on page 577 

+ Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577 


+ Section 39.6, “Customizing Indexing,” on page 579 


NOTE: To facilitate the Find feature in the GroupWise client, the POA searches unindexed messages 
as well as those that have already been indexed, so that all messages are immediately available to 
users whenever they perform a search. The POA does not search unindexed documents, so 
documents cannot be located using the client Find feature until after indexing has been performed. 


For alist of the file types that the POA can index, see Oracle Outside In Technology Supported Formats 
(http://www.oracle.com/technetwork/middleware/content-management/ds-oitfiles-133032.pdf). 


Regulating Indexing 


By default, the POA indexes messages and documents in the post office every 24 hours at 8:00 p.m. 
You can modify this interval if users need messages and documents indexed more guickly. To start 
indexing immediately, see “Updating OuickFinder Indexes” on page 536. 


To adjust the interval at which indexing occurs: 


1 In ConsoleOne, browse to and right-click the POA object, then click Properties. 
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2 Click GroupWise > OuickFinder to display the OuickFinder page. 


Properties of POA 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
QuickFinder 
[V] Enable QuickFinder Indexing 
Start QuickFinder Indexing: [ 20 E hours 0 (SI minutes 


QuickFinder Interval: [ 24 E hours ol minutes 


[C] Quarantine files that fail during conversion 


3 Make sure Enable OuickFinder Indexing is selected. 


4 Inthe Start QuickFinder Indexing field, specify the number of hours and minutes after midnight 
you want the POA to start its indexing cycle. 


For example, if you set QuickFinder Interval to 6 and Start QuickFinder Indexing to 1 hour, 
indexing cycles occurs at 1:00 a.m., 7:00 a.m., 1:00 p.m., and 7:00 p.m. 


5 Decrease the number of hours and minutes in the QuickFinder Interval field so indexing occurs 
more frequently. 


The interval is measured from the start of one indexing cycle to the next, so that indexing starts 
at regular intervals, no matter how long each indexing session takes. By default, the start point 
of the cycle is 8:00 p.m. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are indexed 
per database for each indexing cycle. If a very large number of messages are received regularly, 
you should configure the POA with frequent indexing cycles in order to get all messages 
indexed in a timely manner. 


To handle occasional heavy indexing requirements, you can start indexing manually. See 
“Updating QuickFinder Indexes” on page 536. 
6 Click OK to save the new indexing settings. 


ConsoleOne then notifies the POA to restart so the new settings can be put into effect. 


Corresponding Startup Switches: You can also use the --qfinterval, --gfintervalinminute, 
--qfbaseoffset, and --qfbaseoffsetinminute switches in the POA startup file to regulate indexing. 


POA Web Console: If the POA Web console is password protected as described in Section 37.2.1, 
“Setting Up the POA Web Console,” on page 540, you can control indexing for the current POA 
session on the Configuration page. Under the General Settings heading, click QuickFinder Indexing. If 
indexing is currently in progress, you can check the status of the indexing process on the Scheduled 
Events page. 
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Configuring the Document Converter Agent (DCA) 


By default, POA can index the file types listed in Oracle Outside In Technology Supported Formats (http:/ 


/www.oracle.com/technetwork/middleware/content-management/ds-oitfiles-133032.pdf). 


In addition, the POA uses the Document Converter Agent (DCA) to index attached PDF files, 
OpenOffice files, and Microsoft Office 2007 files by converting these file types into HTML in order to 
index them. The POA decrypts attachment files and places them in the post_office/oftemp/ 
gwdca/in directory. The DCA converts the files into HTML and moves them to the post office/ 
oftemp/gwdca/out directory, where the POA picks them up and performs QuickFinder indexing on 
the HTML version. Then the HTML version is deleted. The DCA reports errors in the mmdddca. nnn 
log file. 


The DCA can occasionally fail to convert a document into HTML. By default, documents that fail the 
conversion into HTML are deleted from the post_office/oftemp/gwdca/in directory and are not 
indexed. However, you can configure the POA to quarantine failed attachments for further 
examination. Quarantined documents are moved to the post_office/oftemp/gwdca/problem 
directory and are not encrypted. 


For security reasons, you should enable the quarantine only to collect sample problem documents in 
order to submit them to Novell for investigation. Then you should turn off the quarantine to 
reestablish appropriate security for attached documents. 


1 In ConsoleOne, browse to and right-click the POA object where you want to turn on the 
quarantine, then click Properties. 


2 Click GroupWise > QuickFinder. 


Properties of POA 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
QuickFinder 


[V] Enable QuickFinder Indexing 
Start QuickFinder Indexing: 20 $ hours 0 E minutes 


QuickFinder Interval: dig hours = 0 FE minutes 


[C] Quarantine files that fail during conversion 


Core JC JC _] 


3 Select Quarantine Files That Fail during Conversion, then click OK. 
4 Collect problem files for investigation. 


5 Disable the quarantine to return to normal POA operations with full security for attached files. 


Corresponding Startup Switches: You can use the --nodca switch in the POA startup file to prevent 
the DCA from starting. You can use the --dcamaxsize and --dcamaxtime switches to control file size 
and processing time that the DCA dedicates to converting large files. 
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POA Web Console: You can see whether the guarantine is on or off on the Configuration page. If the 
POA Web console is password protected as described in Section 37.2.1, “Setting Up the POA Web 
Console,” on page 540, you can control the maximum amount of time allowed for the conversion of a 
single document file and the maximum size of a document file for which conversion is attempted. 


GroupWise Client in Caching Mode: When users from the Windows client are in Caching Mode, 
the DCA runs locally on their workstations. Temporary files are stored under the following 
directories on users’ workstations: 


Windows 7: c:\Users\user name\AppData\Roaming\Temp\gwdca 
Windows Vista: c:\Users\user name\AppData\Local\Temp\gwdca 


Windows XP: c:\Documents and Settings\user name\Local Settings\Temp\gwdca 


If temporary files accumulate in these directories, they can be safely deleted. 


Enabling the Document Viewer Agent (DVA) for Indexing 


By default, the POA uses Oracle Outside In Technology (http://www.oracle.com/technetwork/ 
middleware/content-management/ds-oitfiles-133032.pdf) and the Document Converter Agent (DCA) 
to convert documents into HTML format for indexing. As an alternative to the DCA, which is a 
process internal to the POA, you can use the independent Document Viewer Agent (DVA) for HTML 
conversion. 


Using the DVA instead of the DCA has the following advantages: 


* Simplicity: GroupWise WebAccess reguires the DVA to convert attached documents into HTML 
format for viewing in a Web browser. If you configure the POA to use an existing DVA, you 
eliminate the need fora DCA. 


+ Fault Tolerance: You can configure the POA to contact as many as three DVAs. If the DVA that 
the POA is communicating with stops responding, the POA contacts the next DVA inthe list. 


+ Improved Performance: You can run the DVA on a server other than where the POA runs to 
lessen the processing load on the POA server. 


For complete information about the DVA, see Part XI, “Document Viewer Agent,” on page 709. 


You configure the POA to use the DVA instead of the DCA by using startup switches in the POA 
startup file. For background information, see Chapter 40, “Using POA Startup Switches,” on 
page 581. 


1 Use the --usedva switch to configure the POA to use the DVA instead of the DCA. If the DVA 
becomes unavailable, the POA falls back to using the DCA for document conversion. 
2 Use the --dvanipaddr and --dvanport switches to identify from one to three DVAs. 


Replace n with 1, 2, or 3. Three DVAs is recommended. Multiple POAs can communicate with 
the same DVA simultaneously. 


3 (Conditional) If you want to use a secure SSL connection between the POA and the DVA, use the 
--dvanssl switch. 


By default, SSL is not used. Set the switch to enable to enable a secure SSL connection. For more 
information about using SSL with the POA, see Section 36.3.3, “Securing the Post Office with 
SSL Connections to the POA,” on page 508. 


4 After you edit the POA startup file, restart the POA in order to put the changes into effect. 
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Controlling Maximum Document Conversion Size and Time 


By default, the POA sends all attached documents for HTML conversion for indexing, regardless of 
the size of the document, and by default, the POA waits as long as 10 minutes to receive the HTML 
version. 


You control the maximum document conversion size and time using startup switches in the POA 
startup file. After you edit the POA startup file, you must restart the POA in order to put the changes 
into effect. 


Use the --dcamaxsize switch to restrict the size of documents that it sends for conversion. Set the -- 
dcamaxsize switch to the maximum document size in kilobytes. For example, you would use 20480 
for 20 MB. 


Use the --dcamaxtime switch to change the amount of time the POA waits for the HTML version. Set 
the --dcamaxtime switch to the number of seconds that you want the POA wait. The default is 600 
seconds. 


These switches control how the POA hands off documents for HTML conversion, regardless of 
whether it is configured to use the DCA or the DVA. 


Configuring a Dedicated Indexing POA (Windows Only) 


NOTE: The powerful multi-threaded processing capabilities of Linux make multiple POAs 
unnecessary on that operating system. 


If your GroupWise client users rely heavily on indexed documents, you can set up a dedicated 
indexing POA so that indexing can be performed without impacting other POA functions on the 
server. A dedicated indexing POA is beneficial if the typical indexing load is adversely affecting the 
POA’s performance in servicing GroupWise client users. 


To configure a dedicated indexing POA: 


1 Create a new POA object for the post office as described in Section 36.1.1, “Creating a POA 
Object in eDirectory,” on page 482. 


2 Right-click the new POA object, then click Properties. 
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3 Click GroupWise > OuickFinder to display the OuickFinder page. 


Properties of POA 
GroupWise + | NDS Rights + | Other | Rights to Files and Folders 
QuickFinder 
[¥] Enable QuickFinder Indexing 
Start QuickFinder Indexing: 20 E hours [0 E minutes 
QuickFinder Interval: o s hours of minutes 


[C] Quarantine files that fail during conversion 


| | | A 


4 Make sure Enable QuickFinder Indexing is selected. 


5 Inthe Start QuickFinder Indexing field, specify the number of hours and minutes after midnight 
you want the POA to start its indexing cycle. 


The default is 20, meaning at 8:00 p.m. 


6 Set QuickFinder Update Interval low enough to keep up with the indexing demands of your 
GroupWise client users. 


To avoid overloading the POA with indexing processing, a maximum of 1000 items are indexed 
per database for each indexing cycle. If a very large number of messages are received regularly, 
you should configure the POA with very frequent indexing cycles in order to get all messages 
indexed in a timely manner. 


For continuous QuickFinder indexing, set QuickFinder Update Interval to 0 (zero). 
7 Click Apply to save the updated QuickFinder settings. 
Click GroupWise > Agent Settings. 


o œ 


Set Message File Processing to Off. Make sure another POA handles message file processing. 


10 Deselect Enable Client/Server and set Client/Server Handler Threads to 0. Make sure another POA 
handles client/server processing. 


11 Select Disable Administration Task Processing, so that this POA does not run an admin thread. 
Make sure that another POA handles administration tasks. 


12 Click Apply to save the updated agent settings. 
13 Click GroupWise > Maintenance. 
14 Deselect Enable Automatic Database Recovery. Make sure another POA handles database recovery. 


15 Set Maintenance Handler Threads to 0 (zero). Make sure another POA handles database 
maintenance and disk space management. 


16 Deselect Perform User Upkeep and deselect Generate Address Book for Remote. Make sure another 
POA handles these tasks. 


17 Click OK to save the new settings for dedicated indexing. 
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18 Install the POA software on a different server from where the original POA for the post office is 
already running. See “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


19 Add the --name switch to the POA startup file and specify the name designated when the new 
POA object was created. 


20 For the original POA: 


20a Add the --name switch to the original POA startup file to differentiate it from the new POA 
you have set up. 


20b Deselect Enable QuickFinder Indexing for the original POA object. 


20c Restart the original POA, so that it no longer performs the QuickFinder indexing activities 
you have set up a dedicated POA to perform. 


21 Start the dedicated indexing POA. 


Corresponding Startup Switches: You can also use the --nomf, --notcpip, --norecover, --nonuu, and 
--nordab switches in the POA startup file to disable unwanted processing, then use the --qfinterval, 
--qfintervalinminute, --qfbaseoffset, and --qfbaseoffsetinminute switches to control the indexing 
schedule. 


Customizing Indexing 


By default, the POA indexes 500 items in a user or library database, then moves on to the next 
database during each QuickFinder indexing cycle. The indexing cycle is established on the 
QuickFinder property page of the POA object. By default, QuickFinder indexing is performed once a 
day at 8:00 p.m. If a database has more than 500 items that need to be indexed, items beyond 500 wait 
for the next indexing cycle. 


Occasionally, circumstances arise where indexing needs are especially heavy for a short period of 
time. This can occur when you move users to a different post office or if the QuickFinder indexes for 
a post office become damaged. Startup switches are available for temporary use in the POA startup 
file to customize the way the POA handles indexing. In general, they are not intended for long-term 
use. You might want to set up a separate POA just to handle the temporary indexing needs, as 
described in Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577, 
and use these switches only with the dedicated indexing POA. 


Because the switches are placed in the POA startup file, you must stop and then start the POA to put 
the settings into effect. 

+ Section 39.6.1, “Determining What to Index,” on page 579 

+ Section 39.6.2, “Determining Indexing Priority,” on page 580 

+ Section 39.6.3, “Reclaiming Disk Space,” on page 580 


Determining What to Index 


You can configure the POA to index just user mailbox contents or just library contents. Use the 
--qfnousers switch to focus on indexing library contents. Use the --qfnolibs switch to focus on 
indexing user mailbox contents. Use the --qfnopreproc switch to suppress even the generation of 
document word lists that are normally written to user databases that reference documents. 


When you have a large number of user databases that need to be indexed, you can configure the POA 
to index a specific range of databases based on user FIDs. For a task of this magnitude, you should 
run multiple dedicated indexing POAs with each POA configured to process a specific range of 
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39.6.3 


databases. Use the --gfuserfidbeg and --gfuserfidend switches to define the range for each POA. You 
can determine the FID numbers of the databases by listing the user databases (userxxx.db) in the 
ofuser directory. The xxx part of the user database name is the FID. 


You could also use these switches to single out a specific user database for indexing. Specify the same 
FID for both switches. To determine a user's FID, click Help > About GroupWise in the Group Wise 
client. In Online mode, the FID is displayed after the user name. In Caching or Remote mode, the FID 
is the last three characters of the Caching or Remote directory name (for example, gwstr7bh). 


Determining Indexing Priority 


The POA carries on many processes at once. If you are not using a dedicated indexing POA, you can 
configure the POA to make indexing a higher or lower priority task than responding to users” 
activities in their mailboxes. You can also control how many items the POA indexes in each database 
that it processes. Use the --gflevel switch to control indexing priority. The table below explains the 
priority levels: 


Priority Description 


Level 

0 Index a maximum of 1000 items at a time, rather than the default of 500. 

1 Index a maximum of 500 items at time, using a low-priority thread. This keeps frequent daytime 
indexing cycles from interfering with users’ activities in their mailboxes. 

2 Index a maximum of 1000 items at a time, using a medium-priority thread. This allows additional 
items in each database to be processed in each indexing cycle. Using a medium-priority thread 
makes indexing more important than some user activities in mailboxes. Users might notice some 
slowness in response from the GroupWise client. 

3 Index a maximum of 2000 items at a time, using a high-priority thread. Using a high- priority thread 
makes indexing more important than many user activities in mailboxes. Users will notice some 
slowness in response from the GroupWise client. This is warranted only when the immediate 
completion of indexing is extremely important. 

999 Index constantly until all databases have been indexed, then wait until the next indexing cycle set on 


the QuickFinder property page of the POA object before starting to index again. 


If you have users who consistently receive more items than are processed during your current daily 
indexing cycle, you could implement an appropriate --qflevel setting for permanent use. 


Reclaiming Disk Space 


The POA uses . idx files to store compressed indexes. It uses . inc files to store incremental indexes 
that have not yet been compressed. At regular intervals, the POA compresses the contents of the . inc 
files and adds the data to the . idx files. Afterwards, it retains the previous . idx and .inc files for a 
period of time. Use the --gfdeleteold switch to delete the previous versions of the .idx and . inc files 
to conserve disk space during periods of heavy indexing. It is primarily applicable when using 
--qflevel=1 where indexing is a lower priority task. For --qflevel=2 and --qflevel=3, indexing itself is a 
higher priority than compression and deletion cleanup tasks. 
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Using POA Startup Switches 


You can override settings provided in ConsoleOne by using startup switches in the POA startup file. 
The default location for the startup file varies by platform. 


Linux: /opt/novell/groupwise/agents/share 


Windows: c:\Program Files\Novell\GroupWise Server\Agents 


When you run the Agent Installation program, an initial POA startup file is created. It is named using 
the first 8 characters of the post office name with a .poa extension. This initial startup file includes 
the --home startup switch set to the location of the post office directory. 


When you update the POA software, the existing POA startup file can be retained or overwritten as 
needed. 


Linux: When you use both the Install and Configure options in the Agent Installation program, the existing 
POA startup file is backed up and then overwritten. When you use only the Install option, the 
existing POA startup file is retained. 


Windows: When you select Install the software files, but do not configure the agents in the Agent Installation 
program, the existing POA startup file is retained. When you do not select this option, the existing 
POA startup file is backed up and then overwritten. 


Startup switches specified on the command line override those in the startup file. Startup switches in 
the startup file override corresponding settings in ConsoleOne. You can view the POA startup file 
from the Configuration page of the POA Web console. 


The table below summarizes POA startup switches for all platforms and how they correspond to 
configuration settings in ConsoleOne. 


Switch starts with:abcdefghijklmnopgrstuvwxyz 


Linux POA Windows POA ConsoleOne Settings 


file name Ofile name N/A 


--attemptsresetinterval lattemptsresetinterval Incorrect Login Reset Time 


--certfile /certfile Certificate File 
--dcamaxsize /dcamaxsize N/A 
--dcamaxtime /dcamaxtime N/A 
--dvanipaddr --dvanipaddr N/A 
--dvanport --dvanport N/A 
--dvanssl --dvanssl N/A 
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Linux POA 


--cluster 
--enforceclientversion 
--evocontrol 
--externalclientssl 
--gwchkthreads 
--gwclientreleasedate 
--gwclientreleaseversion 
--help 

--home 
--httppassword 
--httpport 
--httprefresh 

--httpssl 

--httpuser 

--imap 
--imapmaxthreads 
--imapport 
--imapreadlimit 
--imapreadnew 
--imapssl 
--imapsslport 
--incorrectloginattempts 
--internalclientssl 
--intruderlockout 

--ip 

--keyfile 
--keypassword 
--language 
--Idapdisablepwdchg 
--Idapipaddr 
--Idapippooln 
--Idappoolresettime 


--Idapport 


Windows POA 


/cluster 
/enforceclientversion 
/evocontrol 
lexternalclientssl 
/gwchkthreads 
/gwclientreleasedate 
/gwclientreleaseversion 
/help 

/home 
/httppassword 
/httpport 

/httprefresh 

Ihttpssl 

/httpuser 

limap 
limapmaxthreads 
limapport 
limapreadlimit 
/imapreadnew 
/imapssl 
/imapsslport 
/incorrectloginattempts 
/internalclientssl| 
/intruderlockout 

/ip 

/keyfile 
/keypassword 
/language 
/ldapdisablepwdchg 
/Idapipaddr 
/ldapippooln 
/ldappoolresettime 


/Idapport 
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ConsoleOne Settings 


N/A 

Lock Out Older GroupWise Clients 
N/A 

Internet Client/Server SSL 
Maintenance Handler Threads 
Minimum Client Release Date 
Minimum Client Release Version 
N/A 

N/A 

HTTP Password 

HTTP Port 

N/A 

HTTP SSL 

HTTP User Name 

IMAP 

Max IMAP Threads 

IMAP Port 

N/A 

N/A 

IMAP SSL 

IMAP SSL Port 

Incorrect Logins Allowed 

Local Intranet Client SSL 

Enable Intruder Detection 

N/A 

SSL Key File 

SSL Key File Password 

N/A 

Disable LDAP Password Changing 
LDAP Server Address 

Select LDAP Servers 

LDAP Pool Server Reset Timeout 


LDAP Server Address 


Linux POA 


--Idapportpooln 
--Ildappwd 
--ldapssl 
--Idapssipooln 
--Idapssikey 
--Idapssikeypooln 
--Idaptimeout 
--Idapuser 
--Idapuserauthmethod 
--lockoutresetinterval 
--log 

--logdays 
--logdiskoff 
--loglevel 
--logmax 
--maxappconns 
--maxphysconns 
--mtpinipaddr 
--mtpinport 
--mtpoutipaddr 
--mtpoutport 
--mtpsendmax 
--mtpssl 

--name 

--noada 
--nocache 
--noconfig 
--nodca 
--noerrormail 
--nogwchk 
--nomf 
--nomfhigh 


--nomflow 


Windows POA 


/ldapportpooln 
/ldappwd 
/idapssl 
/Idapsslpooln 
Ildapssikey 
/I\dapsslkeypooln 
/ldaptimeout 
/ldapuser 
/ldapuserauthmethod 
/lockoutresetinterval 
/log 

/logdays 
/logdiskoff 
/loglevel 
/logmax 
/maxappconns 
/maxphysconns 
/mtpinipaddr 
/mtpinport 
/mtpoutipaddr 
/mtpoutport 
/mtpsendmax 
/mtpssl 

/name 

/noada 
/nocache 
/noconfig 
/nodca 
/noerrormail 
/nogwchk 
Inomf 
/nomfhigh 


/nomflow 


ConsoleOne Settings 
LDAP Server Address 

LDAP Password 

Use SSL 

Use SSL 

SSL Key File 

SSL Key File 

Inactive Connection Timeout 
LDAP User Name 

User Authentication Method 
Lockout Reset Time 

Log File Path 

Max Log File Age 

Logging Level 

Logging Level 

Max Log Disk Space 

Max Application Connections 
Max Physical Connections 
IP Address (POA) 

Message Transfer Port (POA) 
IP Address (MTA) 

Message Transfer Port (MTA) 
Maximum Send Message Size 
Message Transfer SSL 

N/A 

N/A 

Enable Caching 

N/A 

N/A 

N/A 

N/A 

Message File Processing 
Message File Processing 


Message File Processing 
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Linux POA 


--nomtp 
--nonuu 
--nogf 
--nordab 
--norecover 
--nosnmp 
--notcpip 
--nuuoffset 
--password 
--port 
--primingmax 


--qfbaseoffset 


--qfbaseoffsetinminute 


--qfdeleteold 
--qfinterval 
--qfintervalinminute 
--qflevel 

--qfnolibs 
--qfnopreproc 
--qfnousers 
--qfuserfidbeg 
--qfuserfidend 
--rdaboffset 
--rights 

--show 

--soap 
--soapmaxthreads 
--soapport 
--soapsizelimit 
--soapssl 
--soapthreads 
--tcpthreads 


--threads 


Windows POA 


/nomtp 
/nonuu 
/nogf 
Inordab 
Inorecover 
/nosnmp 
/notcpip 
/nuuoffset 
/password 
/port 
/primingmax 


/qfbaseoffset 


/qfbaseoffsetinminute 


/qfdeleteold 
/qfinterval 
/qfintervalinminute 
/qflevel 

/qfnolibs 
/qfnopreproc 
/qfnousers 
/qfuserfidbeg 
/qfuserfidend 
/rdaboffset 
/rights 

N/A 

/soap 
/soapmaxthreads 
/soapport 
/soapsizelimit 
/soapssl 
/soapthreads 
/tcpthreads 


/threads 
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ConsoleOne Settings 


N/A 

Perform User Upkeep 

Enable OuickFinder Indexing 
Generate Address Books for Remote 
Enable Auto DB Recovery 

Enable SNMP 

Enable Client/Server 

Start User Upkeep 

Remote Password 


Client/Server Port 


Max Thread Usage for Priming and Moves 


Start OuickFinder Indexing 
Start OuickFinder Indexing 
N/A 

OuickFinder Interval 
OuickFinder Interval 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

Start Address Book Generation 
N/A 

N/A 

Enable SOAP 

Max SOAP Threads 
SOAP Port 

N/A 

SOAP SSL 

N/A 

Client/Server Handler Threads 


Message Handler Threads 


40.1 


40.2 


40.3 


Linux POA Windows POA ConsoleOne Settings 


--Usedva lusedva N/A 


--USer luser N/A 


@file name 


Specifies the location of the POA startup file. 


Linux: The startup file always resides in the /opt /novell/groupwise/agents/share directory. 


Windows: The full path must be included if the file does not reside in the same directory with the POA 
program. 


The startup file must reside on the same server where the POA is installed. 


Linux POA Windows POA 
Syntax: @[/dir/|file @[drive:][\dir\]file 
Example: ./gwpoa @../share/Inxpost.poa gwpoa.exe @sales.poa 


gwpoa.exe @d:\agt\sales.poa 


--attemptsresetinterval 


Specifies the length of time during which unsuccessful login attempts are counted, leading to 
lockout. The default is 30 minutes; valid values range from 15 to 60. See Section 36.3.5, “Enabling 
Intruder Detection,” on page 516. 


Linux POA Windows POA 
Syntax: --attemptsresetinterval minutes /attemptsresetinterval-minutes 
Example: --attemptsresetinterval 45 /attemptsresetinterval-60 


See also --intruderlockout, --incorrectloginattempts, and --lockoutresetinterval. 


--certfile 


Specifies the full path to the public certificate file used to provide secure SSL communication between 
the POA and other programs. See Section 36.3.3, “Securing the Post Office with SSL Connections to 
the POA,” on page 508. 

Linux POA Windows POA 


Syntax: --certfile /dir/file /certfile-[drive:]\dir\file 
/certfile-\\svrsharename\dir\file 
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40.4 


40.5 


40.6 


Linux POA Windows POA 


Example: --certfile /certs/gw.crt /certfile-\ssl\gw.crt 
/certfile-m:\ssl\gw.crt 
certfile-\\server2\c\ssl\gw.crt 


See also --keyfile and --keypassword. 


--cluster 


Informs the POA that it is running ina cluster. When communicating with a clustered POA, the 
GroupWise client extends the retry period for reconnection. A clustered POA automatically binds to 
the IP address configured for the POA object even if the Bind Exclusively to TCP/IP Address option is 
not selected on the POA Network Address page in ConsoleOne. This prevents unintended 
connections to other IP addresses, such as the loopback address or the node's physical IP address. For 
information about clustering the POA, see the GroupWise 2012 Interoperability Guide. 


Linux POA Windows POA 


Syntax: --cluster /cluster 


See also --ip. 


--dcamaxsize 


Sets the maximum size for attached documents that the POA hands off to the DCA or the DVA for 
conversion into HTML format so that the documents can be indexed. By default, there is no 
maximum size limit. See Section 39.4, “Controlling Maximum Document Conversion Size and Time,” 
on page 577. 


Linux POA Windows POA 
Syntax: --dcamaxsize kilobytes /dcamaxsize-kilobytes 
Example: --dcamaxsize 20480 /dcamaxsize-40960 


See also --dcamaxtime. 


--dcamaxtime 


Sets the maximum time that the POA waits to receive documents converted into HTML by the DCA 
or the DVA. The default is 600 seconds (10 minutes). See Section 39.4, “Controlling Maximum 
Document Conversion Size and Time,” on page 577. 


Linux POA Windows POA 
Syntax: --dcamaxtime seconds /dcamaxtime-seconds 
Example: --dcamaxtime 20480 /dcamaxtime-40960 


586 GroupWise 2012 Administration Guide 


40.7 


40.8 


40.9 


See also --dcamaxsize. 


--dvanipaddr 


Specifies the IP address of a DVA that the POA can use to convert documents into HTML format for 
indexing. You can configure the POA to communicate with up to three DVAs. In the switch, replace n 
with 1, 2, or 3 to identify multiple DVAs. See Section 39.3, “Enabling the Document Viewer Agent 
(DVA) for Indexing,” on page 576. 


Linux POA Windows POA 
Syntax: --dvanipaddr ip address Idvanipaddr-ip address 
Example: --dvalipaddr 172.17.5.18 /dva2ipaddr-172.17.5.19 


See also --dvanport, --dvanssl, and --usedva. 


--dvanport 


Specifies the port number used for the POA to communicate with the corresponding DVA. The 
default port number is 8301. In the switch, replace n with 1, 2, or 3 to identify multiple DVAs. See 
Section 39.3, “Enabling the Document Viewer Agent (DVA) for Indexing,” on page 576. 


Linux POA Windows POA 
Syntax: --dvanport port_number /dvanport-port_number 
Example: --dva2port 8302 /dva3port-8303 


See also --dvanipaddr, --dvanssl and --usedva. 


--dvanssl 


Sets the availability of SSL communication between the POA and the corresponding DVA. Valid 
values are enable and disable. SSL is disabled by default. In the switch, replace n with 1, 2, or 3 to 
identify multiple DVAs. See Section 39.3, “Enabling the Document Viewer Agent (DVA) for 
Indexing,” on page 576. 


Linux POA Windows POA 
Syntax: --dvanssl setting /dvanssl-setting 
Example: --dva2ssl enable /dva3ssl-enable 


See also --dvanipaddr, --dvanport, and --usedva. 
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40.10 


40.11 


40.12 


--enforceclientversion 


Enforces the minimum client release version and/or date so that users of older clients are forced to 
update in order to access their GroupWise mailboxes. Valid settings are version, date, both, and 
disabled. See Section 36.2.5, “Checking What GroupWise Clients Are in Use,” on page 502. 


Linux POA Windows POA 
Syntax: --enforceclientversion setting lenforceclientversion-setting 
Example: --enforceclientversion date lenforceclientversion-both 


See also --gwclientreleasedate, and --gwclientreleaseversion. 


--evocontrol 


Determines which versions of Evolution are allowed to access the post office. Users might experience 
problems using Evolution to connect to their GroupWise mailboxes if they are using Evolution 2.6.0 
or earlier. In addition, earlier versions of Evolution can cause high utilization on GroupWise servers. 


To encourage users to update to the latest version of Evolution, you can use the --evocontrol switch to 
configure the POA to allow only specified versions of Evolution. For information about configuring a 
post office to support Evolution, see Section 36.2.4, “Supporting SOAP Clients,” on page 499. 


Linux POA Windows POA 
Syntax: --evocontrol-Evolution-version.date /evocontrol-Evolution-version.date 
--evocontrol-Evolution-Data-Server-version- /evocontrol-Evolution-Data-Server-version-date 
date 
Example: --evocontrol Evolution-1.10-2006-12-04 /evocontrol-Evolution-1.10-2006-12-04 
--evocontrol Evolution-Data-Server-1.10-2006- /evocontrol-Evolution-Data-Server-1.10-2006- 
12-04 12-04 


You can put as many as 10 entries in the startup file, so that you can list as many as 10 versions of 
Evolution. Entries beyond 10 are ignored. You can view the current entries at the POA Web console 
with the other SOAP settings. The POA log file lists the settings in the Soap Session section. 


--externalclientssl 


Sets the availability of SSL communication between the POA and GroupWise clients that are running 
outside your firewall. Valid values are enabled, required, and disabled. See Section 36.3.3, “Securing 
the Post Office with SSL Connections to the POA,” on page 508. 


Linux POA Windows POA 
Syntax: --externalclientssl setting /externalclientssl-setting 
Example:  --externalclientss! disabled /externalclientssl-required 


See also --certfile, --keyfile, --keypassword, and --port. 


588 GroupWise 2012 Administration Guide 


40.13 --gwchkthreads 


Specifies the number of threads the POA starts for Mailbox/Library Maintenance activities. The 
default is 4; valid values range from 1 to 8. See Section 38.4.1, “Adjusting the Number of POA Threads 
for Database Maintenance,” on page 567. 


Linux POA Windows POA 
Syntax: --gwchkthreads number /gwchkthreads-number 
Example: --gwchkthreads 6 /gwchkthreads-8 


See also --nogwchk. 


40.14 --gwclientreleasedate 


Specifies the date of the approved GroupWise client software for your system. See Section 36.2.5, 
“Checking What GroupWise Clients Are in Use,” on page 502. 


Linux POA Windows POA 
Syntax: --gwclientreleasedate mm-dd-yyyy /gwclientreleasedate-mm-dd-yyyy 
Example: --gwclientreleasedate 10-24-2008 /gwclientreleasedate-10-24-2008 


See also --gwclientreleaseversion and --enforceclientversion. 


40.15 --gwclientreleaseversion 


Specifies the version of the approved GroupWise client software for your system. See Section 36.2.5, 
“Checking What GroupWise Clients Are in Use,” on page 502. 


Linux POA Windows POA 
Syntax: --gwclientreleaseversion n.n.n /gwclientreleaseversion-n.n.n 
Example: --gwclientreleaseversion 6.5.6 /gwclientreleaseversion-7.0.0 


See also --gwclientreleasedate and --enforceclientversion. 


40.16 --help 


Displays the POA startup switch Help information. When this switch is used, the POA does not start. 


Linux POA Windows POA 
Syntax: --help /help or /? 
Example: ./gwpoa --help gwpoa.exe /help 
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40.17 


40.18 


40.19 


--home 


Specifies the post office directory, where the POA can find the message and user databases to service. 
There is no default location. You must use this switch in order to start the POA. 


Linux POA Windows POA 


Syntax: --home /dir /home-[drive:]\dir 
/home-\\svr\sharename\dir 


Example: --home /gwsystem/sales /home-\sales 
/home-m:\sales 
/home-\\server2\c\sales 


If you specify a UNC path with the --home switch when you run the POA as a Windows service, you 
must configure the POA service to run under a specific Windows user account. If you specify a local 
directory or a mapped drive, you can configure the POA service to run under the local system 
account. However, running as the Administrator account is highly recommended. 


--httppassword 


Specifies the password for the POA to prompt for before allowing POA status information to be 
displayed in your Web browser. Do not use an existing eDirectory password because the information 
passes over the non-secure connection between your Web browser and the POA. See Section 37.2, 
“Using the POA Web Console,” on page 539. 


Linux POA Windows POA 
Syntax: — --httppassword unique_password /httppassword-unique_password 
Example: --httppassword AgentWatch /httppassword-AgentWatch 


See also --httpuser, --httpport, --httprefresh, and --httpssl. 


--httpport 


Sets the HTTP port number used for the POA to communicate with your Web browser. The default is 
7181; the setting must be unique. See Section 37.2, “Using the POA Web Console,” on page 539. 


Linux POA Windows POA 
Syntax: --httpport port_number Ihttpport-port number 
Example: --httpport 7183 /httpport-7184 


See also --httpuser, --httppassword, --httprefresh, and --httpssl. 
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40.20 


40.21 


40.22 


40.23 


--httprefresh 


Specifies the rate at which the POA refreshes the status information in your Web browser. The default 
is 60 seconds. See Section 37.2, “Using the POA Web Console,” on page 539. 


Linux POA Windows POA 
Syntax: --httprefresh seconds /httprefresh-seconds 
Example: --httprefresh 90 /httprefresh-120 


See also --httpuser, --httppassword, --httpport, and --httpssl. 


--httpssl 


Sets the availability of secure SSL communication between the POA and the POA Web console 
displayed in your Web browser. Valid values are enabled and disabled. See Section 36.3.3, “Securing 
the Post Office with SSL Connections to the POA,” on page 508. 


Linux POA Windows POA 
Syntax: --httpssl setting /httpssl-setting 
Example:  --httpssl enabled /httpssl-enabled 


See also --certfile, --keyfile, and --keypassword. 


--httpuser 


Specifies the user name for the POA to prompt for before allowing POA status information to be 
displayed in a Web browser. Providing a user name is optional. Do not use an existing eDirectory 
user name because the information passes over the non-secure connection between your Web 
browser and the POA. See Section 37.2, “Using the POA Web Console,” on page 539. 


Linux POA Windows POA 
Syntax: --httprefresh unique_name /httprefresh-unique_name 
Example: --httpuser GWWebCon /httpuser-GWWebCon 


See also --httppassword, --httpport, --httprefresh, and --httpssl. 


--imap 


Enables IMAP so that the POA can communicate with IMAP clients. Valid settings are enabled and 
disabled. See Section 36.2.3, “Supporting IMAP Clients,” on page 498. 


Linux POA Windows POA 


Syntax: --imap enabled or disabled /imap-enabled or disabled 
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40.24 


40.25 


40.26 


Linux POA Windows POA 


Example: --imap disabled /imap-enabled 


See also --imapmaxthreads, --imapport, --imapreadlimit, --imapreadnew, --imapssl, and 
--imapsslport. 


--Imapmaxthreads 


Specifies the maximum number of IMAP threads the POA can create to service IMAP clients. The 
default is 40. This setting is appropriate for most systems. See Section 36.2.3, “Supporting IMAP 
Clients,” on page 498. 


Linux POA Windows POA 
Syntax: --imapmaxthreads number /imapmaxthreads-number 
Example: --imapmaxthreads 30 /imapmaxthreads-35 


See also --imap, --imapport, --imapreadlimit, --imapreadnew, --imapssl, and --imapsslport. 


--Imapreadlimit 


Specifies in thousands the maximum number of messages that can be downloaded by an IMAP 
client. For example, specifying 10 represents 10,000. The default is 20,000. The maximum allowed 
limit is 65. The server caches all downloaded items, so setting a high limit could consume more server 
resources than you would prefer the POA to use. 


Linux POA Windows POA 
Syntax: --imapreadlimit number /imapreadlimit-number 
Example: --imapreadlimit 20 /imapreadlimit-50 


See also --imap, --imapmaxthreads, --imapport, --imapreadnew, --imapssl, and --imapsslport. 


--imapreadnew 


By default, the IMAP agent reads items in a folder from the oldest to the newest. As a result, if a 
folder contains more items than are allowed by the --imapreadlimit setting, users receive the older 
items but not the newer items. Enable this switch so that the POA reads items from the newest to the 
oldest. This ensures that users receive all their new items in a timely manner. 


Linux POA Windows POA 


Syntax: --imapreadnew /imapreadnew 


See also --imap, --imapmaxthreads, --imapreadlimit, --imapport, --imapssl, and --imapsslport. 
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40.27 


40.28 


40.29 


40.30 


--Imapport 


Sets the TCP port number used for the POA to communicate with IMAP clients when using a non- 
SSL connection. The default is 143. See Section 36.2.3, “Supporting IMAP Clients,” on page 498. 


Linux POA Windows POA 
Syntax: --imapport port number limapport-port number 
Example: --imapport 146 limapport-147 


See also --imap, --imapmaxthreads, --imapreadlimit, --imapreadnew, --imapssl, and --imapsslport. 


--imapssl 


Sets the availability of secure SSL communication between the POA and IMAP clients. Valid settings 
are enable and disable. See Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 508. 


Linux POA Windows POA 
Syntax: --imapssl setting /imapssl-setting 
Example: — --imapssi enable limapssl-enable 


See also --imap, --imapmaxthreads, --imapport, --imapreadlimit, --imapreadnew, and --imapsslport. 


--Imapsslport 


Sets the TCP port number used for the POA to communicate with IMAP clients when using an SSL 
connection. The default is 993. See Section 36.2.3, “Supporting IMAP Clients,” on page 498. 


Linux POA Windows POA 
Syntax: --imapssiport port number limapsslport-port number 
Example: --imapssiport 995 /imapsslport-996 


See also --imap, --imapmaxthreads, --imapport, --imapreadlimit, --imapreadnew, and --imapssl. 


--incorrectloginattempts 


Specifies the number of unsuccessful login attempts after which lockout occurs. The default is 5 
attempts; valid values range from 3 to 10. See Section 36.3.5, “Enabling Intruder Detection,” on 
page 516. 


Linux POA Windows POA 
Syntax: --incorrectloginattempts number /incorrectloginattempts-number 
Example: --incorrectloginattempts 10 /incorrectloginattempts-10 
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See also --intruderlockout, --attemptsresetinterval, and --lockoutresetinterval. 


40.31 --internalclientssl 


Sets the availability of secure SSL communication between the POA and GroupWise clients that are 
running inside your firewall. Valid values are enabled, required, and disabled. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 508. 


Linux POA Windows POA 
Syntax: --internalclientssl setting /internalclientssl-setting 
Example: --internalclientssi required /internalclientssl-required 


See also --certfile, --keyfile, --keypassword, and --port. 


40.32 --intruderlockout 


Turns on intruder lockout processing, using defaults that can be overridden by the 
--incorrectloginattempts, --attemptsresetinterval, and --lockoutresetinterval switches. See 
Section 36.3.5, “Enabling Intruder Detection,” on page 516. 


Linux POA Windows POA 


Syntax: --intruderlockout /intruderlockout 


40.33 --ip 


Binds the POA to a specific IP address when the server where it runs uses multiple IP addresses, such 
as in a clustering environment. The specified IP address is associated with all ports used by the POA 
(HTTP, IMAP, LDAP, and so on.) Without the --ip switch, the POA binds to all available IP addresses 
and users can access the post office through all available IP addresses. See Section 36.1.4, “Binding 
the POA to a Specific IP Address,” on page 490. 


Linux POA Windows POA 
Syntax: --ip IP. address lip-IP. address 

--ip "full DNS. name” lip-"full DNS name” 
Example: --ip 172.16.5.18 lip-172.16.5.18 

--ip "poasvr.provo.novell.com” lip-"poasvr.provo.novell.com” 


See also --cluster. 
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40.34 


40.35 


40.36 


--keyfile 


Specifies the full path to the private file used to provide secure SSL communication between the POA 
and other programs. See Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” 
on page 508. 


Linux POA Windows POA 


Syntax: --keyfile /dir/file /kevyfile-[drive:]\dir\file 
/keyfile-\svr\sharename\dinfile 


Example: --keyfile /certs/gw.key /keyfile-\ssl\gw.key 
/keyfile-m:\ssl\gw.key 
/keyfile-\\server2\c\ssl\gw.key 


See also --certfile and --keypassword. 


--keypassword 


Specifies the password used to encrypt the private SSL key file when it was created. See 
Section 36.3.3, “Securing the Post Office with SSL Connections to the POA,” on page 508. 


Linux POA Windows POA 
Syntax: --keypassword password /keypassword-password 
Example: --keypassword gwssl /keypassword-gwssl 


See also --certfile and --keyfile. 


--language 


Specifies the language to run the POA in, using a two-letter language code. You must install the POA 
in the selected language in order for the POA to display in the selected language. 


The initial default is the language used in the post office. If that language has not been installed, the 
second default is the language used by the operating system. If that language has not been installed, 
the third default is English. You only need to use this switch if you need to override these defaults. 


Linux POA Windows POA 
Syntax: --language code /language-code 
Example: --language de Ilanguage-fr 


Contact your local Novell sales office for information about language availability. See Chapter 7, 
“Multilingual GroupWise Systems,” on page 123 for a list of language codes. 
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40.37 --Idapdisablepwdchg 


Prevents Group Wise users from changing their LDAP passwords by using the Password dialog box 
in the GroupWise client. See “Enabling LDAP Authentication for a Post Office” on page 512. 


Linux POA Windows POA 


Syntax: --Idapdisablepwdchg /Idapdisablepwdchg 


See also --ldapipaddr, --ldapport, --Idapuser, --ldappwd, --Idapuserauthmethod, --ldapssl, 
--Idapsslkey, and --Idaptimeout. 


40.38 --Idapipaddr 


Specifies the LDAP server's network address as either an IP address or a DNS hostname. You can 
specify multiple network addresses to provide failover capabilities for your LDAP servers. See 
“Specifying Failover LDAP Servers (Non-SSL Only)” on page 515. 


Linux POA Windows POA 
Syntax: --Idapipaddr network address Ildapipaddr-network address 
Example: --Idapipaddr 172.16.5.19 /ldapipaddr-172.16.5.20 
--Idapipaddr server1 server2 /ldapipaddr-server1 server2 


If you specify multiple LDAP servers, use a space between each address. When so configured, the 
POA tries to contact the first LDAP server in order to authenticate a user to GroupWise. If that LDAP 
server is down, the POA tries the next LDAP server in the list, and so on until it is able to 
authenticate. 


See also --ldapport, --ldapuser, --Idappwd, --Idapuserauthmethod, --Idapdisablepwdchg, --Idapssl, 
--Idapsslkey, and --Idaptimeout. 


40.39 --Idapippooln 


Specifies a pooled LDAP server’s network address as either an IP address or a DNS hostname. As 
many as five LDAP servers can participate together as a pool; therefore, n ranges from 1 to 5. See 
“Configuring a Pool of LDAP Servers” on page 514. 


Linux POA Windows POA 
Syntax: --Idapippooln network address Ildapippooln-network address 
Example: --Idapippool1 172.16.5.18 /ldapippool1-172.16.5.18 
--Idapippool2 server1 /ldapippool2-server1 
--Idapippool3 172.16.5.19 /Idapippool3-172.16.5.19 


See also --Idapportpooln, --ldapsslpooln, --ldapsslkeypooln, and --ldappoolresettime. 
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40.40 


40.41 


40.42 


40.43 


--Idappoolresettime 


Specifies the number of minutes between the time when the POA receives an error response from a 


pooled LDAP server and the time when that LDAP server is reinstated into the pool of available 


LDAP servers. The default is 5 minutes; valid values range from 1 to 30. See “Configuring a Pool of 


LDAP Servers” on page 514. 


Linux POA Windows POA 
Syntax: --Idappoolresettime minutes Ildappoolresettime-minutes 
Example: --Idappoolresettime 20 Ildappoolresettime-30 


See also --Idapippooln, --ldapportpooln, --Idapsslpooln, and --ldapsslkeypooln. 


--Idapport 


Specifies the port number that the LDAP server listens on for authentication. The default is 389. See 


Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 510. 


Linux POA Windows POA 
Syntax: --Idapport port number /ldapport-port number 
Example: --Idapport 391 /ldapport-392 


See also --Idapipaddr, --Idapuser, --Idappwd, --Idapuserauthmethod, --Idapdisablepwdchg, 
--ldapssl, --Idapsslkey, and --Idaptimeout. 


--Idapportpooln 


Specifies the port number that pooled LDAP server n listens on for authentication. The default is 389. 


See “Configuring a Pool of LDAP Servers” on page 514. 


Linux POA Windows POA 
Syntax: --Idapportpooln port /ldapportpooln-port 
Example: --Idapportpool3 391 /Idapportpool4-392 


See also --Idapippooln, --ldappoolresettime, --ldapsslpooln, and --ldapsslkeypooln. 


--Idappwd 


Provides the password for the LDAP user that the POA uses to log in to the LDAP server. See 
Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” on page 510. 


Linux POA Windows POA 


Syntax: --Idappwd LDAP. password /ldappwd-LDAP. password 
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Linux POA Windows POA 


Example: --Idappwd gwldap /\dappwd-gwidap 


See also --Idapipaddr, --ldapport, --Idapuser, --Idapuserauthmethod, --ldapdisablepwdchg, --ldapssl, 
--Idapsslkey, and --ldaptimeout. 


40.44 --Idapssl 


Indicates to the POA that the LDAP server it is logging in to is using SSL. See Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 510. 


Linux POA Windows POA 


Syntax: --ldapssl /\dapssl 


See also --Idapipaddr, --ldapport, --Idapuser, --ldappwd, --Idapuserauthmethod, 
--Idapdisablepwdchg, --ldapsslkey and --ldaptimeout. 


40.45 --Idapssipooln 


Indicates to the POA that the pooled LDAP server it is logging in to is using SSL. See “Configuring a 
Pool of LDAP Servers” on page 514. 


Linux POA Windows POA 
Syntax: --Idapssipooln /Idapsslpooln 
Example: --Idapssipool3 lIdapssipool4 


See also --Idapippooln, --ldapportpooln, --Idappoolresettime, and --ldapsslkeypooln. 


40.46 --Idapssikey 


Specifies the full path to the SSL key file used with LDAP authentication. See Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 510. 


Linux POA Windows POA 


Syntax: --Idapssikey /dir/file /I\dapsslkey-[drive:}\dir\file 
/Idapsslkey-\\svAsharename\dir\file 


Example: --Idapssikey /certs/gwkey.der /I\dapsslkey-\ldap\gwkey.der 
/\dapsslkey-m:\ldap\gwkey.der 
/Idapsslkey-\\server2\c\ldap\gwkey.der 


See also --Idapipaddr, --ldapport, --Idapuser, --ldappwd, --Idapuserauthmethod, 
--Idapdisablepwdchg, --ldapssl and --ldaptimeout. 
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40.47 --Idapssikeypooln 


Specifies the full path to the SSL key file used with pooled LDAP server n for authentication. See 
“Configuring a Pool of LDAP Servers” on page 514. 


Linux POA Windows POA 


Syntax: --Idapssikeypooln-/dir/file /\dapsslkeypooln-[drive:]\dir\file 
/\dapsslkeypooln-\\svr\sharename\dir\file 


Example: --Idapssikeypool4 /certs/gwkey.der /\dapsslkeypool4-\ldap\gwkey.der 
/Idapsslkeypool4-m:\ldap\gwkey.der 
/I\dapsslkeypool4-\\svr2\c\ldap\gwkey.der 


See also --Idapippooln, --ldapportpooln, --ldappoolresettime, and --ldapsslpooln. 


40.48 --Idaptimeout 


Specifies the number of seconds that the POA connection to the LDAP server can be idle before the 
POA drops the connection. The default is 30 seconds. See Section 36.3.4, “Providing LDAP 
Authentication for GroupWise Users,” on page 510. 


Linux POA Windows POA 
Syntax: --Idaptimeout seconds /ldaptimeout-seconds 
Example: --Idaptimeout 70 Ildaptimeout-80 


See also --Idapipaddr, --ldapport, --Idapuser, --ldappwd, --Idapuserauthmethod, 
--Idapdisablepwdchg, --ldapssl, and --ldapsslkey. 


40.49 --Idapuser 


Specifies the user name that the POA can use to log in to the LDAP server in order to authenticate 
GroupWise client users. See Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” 


on page 510. 

Linux POA Windows POA 
Syntax: --Ildapuser LDAP user ID Ildapuser-LDAP. user ID 
Example: --Idapuser GWAuth /ldapuser-GWAuth 


See also --Idapipaddr, --ldapport, -Idappwd, --Idapuserauthmethod, --ldapdisablepwdchg, --Idapssl, 
and --ldapsslkey, and --ldaptimeout. 
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40.50 


40.51 


40.52 


--Idapuserauthmethod 


Specifies the LDAP user authentication method you want the POA to use when accessing an LDAP 
server. Valid settings are bind and compare. See Section 36.3.4, “Providing LDAP Authentication for 
GroupWise Users,” on page 510. 


Linux POA Windows POA 
Syntax: --Idapuserauthmethod method Ildapuserauthmethod-method 
Example: --Idapuserauthmethod bind /\dapuserauthmethod-compare 


See also --Idapuser, --ldapipaddr, --ldapport, --ldappwd, --ldapdisablepwdchg, --ldapssl, and 
--Idapsslkey, and --Idaptimeout. 


--lockoutresetinterval 


Specifies the length of time the user login is disabled after lockout. The default is 30 minutes; the 
minimum setting is 15; there is no maximum setting. The login can also be manually re-enabled in 
ConsoleOne in the GroupWise Account page of the User object. If --lockoutresetinterval is set to 0 
(zero), the login must be re-enabled manually through ConsoleOne. See Section 36.3.5, “Enabling 
Intruder Detection,” on page 516. 


Linux POA Windows POA 
Syntax: --lockoutresetinterval minutes /lockoutresetinterval-minutes 
Example: --lockoutresetinterval 60 /lockoutresetinterval-90 


See also --intruderlockout, --incorrectloginattempts, and --attemptsresetinterval. 


--log 


Specifies the directory where the POA stores its log files. The default location varies by platform. 


Linux: /var/log/novell/groupwise/post office name.poa 


Windows: post_office\wpcsout\ofs 
For more information, see Section 37.3, “Using POA Log Files,” on page 551. 


Linux POA Windows POA 


Syntax: --log /dir llog-[drive:]\dir 
/log-\\svr\sharename\dir 
Example:  --log /gwsystem/logs /log-\agt\log 
/log-m:\agt\log 
/log-\\server2\c\mail\agt\log 
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You typically find multiple log files in the specified directory. The first four characters represent the 
date. The next three characters identify the agent. A three-digit extension allows for multiple log files 
created on the same day. For example, a log file named 0518poa.001 indicates that it is a POA log 
file, created on May 18. If you restarted the POA on the same day, a new log file is started, named 
0518poa.002. 


See also --loglevel, --logdiskoff, --logdays, and --logmax. 


40.53 --logdays 


Specifies how many days to keep POA log files on disk. The default is 30 days. See Section 37.3, 
“Using POA Log Files,” on page 551. 


Linux POA Windows POA 
Syntax: --logdays days /logdays-days 
Example: --logdays 45 /logdays-60 


See also --log, --loglevel, --logdiskoff, and --logmax. 


40.54 _ --logdiskoff 


Turns off disk logging for the POA so no information about the functioning of the POA is stored on 
disk. The default is for logging to be turned on. See Section 37.3, “Using POA Log Files,” on page 551. 


Linux POA Windows POA 


Syntax: --logdiskoff /logdiskoff 


See also --loglevel. 


40.55 --loglevel 


Controls the amount of information logged by the POA. Logged information is displayed in the log 
message box and written to the POA log file during the current agent session. 


The default is Normal, which displays only the essential information suitable for a smoothly running 
POA. Use Verbose to display the essential information, plus additional information helpful for 
troubleshooting. Verbose logging does not degrade POA performance, but log files saved to disk 
consume more disk space when verbose logging is in use. Diagnostic logging turns on Extensive 
Logging Options and SOAP Logging Options on the POA Web console Log Settings page. See 

Section 37.3, “Using POA Log Files,” on page 551. 


Linux POA Windows POA 
Syntax: --loglevel level lloglevel-level 
Example: --loglevel verbose /loglevel-diagnostic 


See also --log, --logdiskoff, --logdays, and --logmax. 


Using POA Startup Switches 601 


40.56 


40.57 


40.58 


--logmax 


Sets the maximum amount of disk space for all POA log files. When the specified disk space is 
consumed, the POA deletes existing log files, starting with the oldest. The default is 102400 KB (100 
MB). The maximum allowable setting is 102400000 (1 GB). Specify 0 (zero) for unlimited disk space. 
See Section 37.3, “Using POA Log Files,” on page 551. 


Linux POA Windows POA 
Syntax: --logmax kilobytes Ilogmax-kilobytes 
Example: --logmax 130000 /logmax-16000 


See also --log, --loglevel, --logdiskoff, and --logdays. 


--maxappconns 


Sets the maximum number of application connections allowed between the POA and the GroupWise 
clients run by GroupWise users. The default maximum number of application connections is 2048. 
See Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on page 561. 


Linux POA Windows POA 
Syntax: --maxappconns number /maxappconns-number 
Example: --maxappconns 4096 /maxappconns-5120 


See also --maxphysconns. 


--maxphysconns 


Sets the maximum number of physical TCP/IP connections allowed between the POA and the 
GroupWise clients run by GroupWise users. The default maximum number of physical connections 
is 2048. See Section 38.1.2, “Adjusting the Number of Connections for Client/Server Processing,” on 
page 561. 


Linux POA Windows POA 
Syntax: --maxphysconns number /maxphysconns-number 
Example: --maxphysconns 4096 /maxphysconns-5120 


See also --maxappconns. 
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40.59 --mtpinipaddr 


Specifies the network address of the server where the POA runs, as either an IP address or a DNS 
hostname. See “Using TCP/IP Links between the Post Office and the Domain” on page 487. 


Linux POA Windows POA 
Syntax: --mtpinipaddr network addr /mtpinipaddr-network_addr 
Example: --mtpinipaddr 172.16.5.19 /mtpinipaddr-172.16.5.20 
--mtpinipaddr server2 Imtpinipaddr-server3 


See also --mtpinport, --mtpoutipaddr, --mtpoutport, --mtpsendmax, and --nomtp. 


40.60 --mtpinport 


Sets the message transfer port number the POA listens on for messages from the MTA. The default is 
7101. See “Using TCP/IP Links between the Post Office and the Domain” on page 487. 


Linux POA Windows POA 
Syntax: --mtpinport port number /mtpinport-port number 
Example: --mtpinport 7202 /mtpinport-7203 


See also --mtpinipaddr, --mtpoutipaddr, --mtpoutport, --mtpsendmax, and --nomtp. 


40.61 --mtpoutipaddr 


Specifies the network address of the server where the MTA for the domain runs, as either an IP 
address or a DNS hostname. See “Using TCP/IP Links between the Post Office and the Domain” on 


page 487. 
Linux POA Windows POA 
Syntax: --mtpoutipaddr network_address Imtpoutipaddr-network address 
Example: --mtpoutipaddr 172.16.5.19 Imtpoutipaddr-172.16.5.19 
--mtpoutipaddr server3 /mtpoutipaddr-server4 


See also --mtpinipaddr, --mtpinport, --mtpoutport, --mtpsendmax, and --nomtp. 
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40.62 --mtpoutport 


Specifies the message transfer port number the MTA listens on for messages from the POA. The 
default is 7100. See “Using TCP/IP Links between the Post Office and the Domain” on page 487. 


Linux POA Windows POA 
Syntax: --mtpoutport port number Imtpoutport-port number 
Example: --mtpoutport 7300 /mtpoutport-7400 


See also --mtpinipaddr, --mtpinport, --mtpoutipaddr, --mtpsendmax, and --nomtp. 


40.63 --mtpsendmax 


Sets the maximum size in megabytes for messages being sent outside the post office. By default, 
messages of any size can be transferred to the MTA. See Section 36.2.7, “Restricting Message Size 
between Post Offices,” on page 504. 


Linux POA Windows POA 
Syntax: --mtpsendmax megabytes /mtpsendmax-megabytes 
Example: --mtpsendmax 4 /mtpsendmax-6 


See also --mtpinipaddr, --mtpinport, --mtpoutipaddr, --mtpoutport, and --nomtp. 


40.64 --mtpssl 


Sets the availability of secure SSL communication between the POA and its MTA. Valid settings are 
enabled and disabled. See Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 508. 


Linux POA Windows POA 
Syntax: --mtpssl setting /mtpssl-setting 
Example: --mtpssi enabled /mtpssl-enabled 


See also --certfile, --keyfile and --keypassword. 


40.65 --name 


Specifies the object name of the POA object in the post office. If you have multiple POAs configured 
for the same post office, you must use this switch to specify which POA configuration to use when 
the POA starts. Several useful configurations include multiple POAs for a single post office, as 
described in the following sections: 


+ Section 38.1.3, “Configuring a Dedicated Client/Server POA (Windows Only),” on page 562 


+ Section 38.2.2, “Configuring a Dedicated Message File Processing POA (Windows Only),” on 
page 565 
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40.66 


40.67 


40.68 


+ Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577 


+ Section 38.4.2, “Configuring a Dedicated Database Maintenance POA (Windows Only),” on 
page 568 


Linux POA Windows POA 
Syntax: --name object name /name-object_name 
Example: --name POA2 /name-POA2 


--noada 


Disables the POA admin thread. For an explanation of the POA admin thread, see “POA Admin 
Thread Status Box” on page 529. 


The POA admin thread must run for at least one POA for each post office. However, it can be 
disabled for POAs with specialized functioning where the database update and repair activities of 
the POA admin thread could interfere with other, more urgent processing. 


Linux POA Windows POA 


Syntax: --noada /noada 


Historical Note: In GroupWise 5.2 and earlier, a separate agent, the Administration Agent (ADA), 
handled the functions now consolidated into the POA admin thread. Hence the switch name, 
--noada. 


--nocache 


Disables database caching. The default is for caching to be turned on. Use this switch if your backup 
system cannot back up open files. 


Linux POA Windows POA 


Syntax: --nocache /nocache 


--noconfig 


Ignores any configuration information provided for the POA in ConsoleOne and uses only settings 
from the POA startup file. The default is for the POA to use the information provided in ConsoleOne, 
overridden as needed by settings provided in the startup file or on the command line. 


Linux POA Windows POA 


Syntax: --noconfig /noconfig 
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40.69 


40.70 


40.71 


40.72 


--nodca 


Prevents the POA from starting the Document Converter Agent (DCA). The default is for the POA to 
start the DCA, as described in Section 39.2, “Configuring the Document Converter Agent (DCA),” on 
page 575. 


Linux POA Windows POA 


Syntax: --nodca /nodca 


--hoerrormail 


Prevents problem files from being sent to the GroupWise administrator. The default is for error mail 
to be sent to the administrator. See Section 37.7, “Notifying the Group Wise Administrator,” on 
page 597. 


Linux POA Windows POA 


Syntax: --noerrormail Inoerrormail 


--nogwchk 


Turns off Mailbox/Library Maintenance processing for the POA. The default is for the POA to 
perform Mailbox/Library Maintenance tasks requested from ConsoleOne and configured as POA 
scheduled events. 


Linux POA Windows POA 


Syntax: --nogwchk /nogwchk 


See also --gwchkthreads. 


--nomf 


Turns off all message file processing for the POA. The default is for the POA to process all message 
files. 


Two specialized configurations that require turning off message files are described in Section 38.1.3, 
“Configuring a Dedicated Client/Server POA (Windows Only),” on page 562 and Section 39.5, 
“Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


Linux POA Windows POA 


Syntax: --nomf /nomf 


See also --nomfhigh and --nomflow. 
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40.73 --nomfhigh 


Turns off processing high priority messages files (message queues 0 and 1). For information about 
message queues, see “Post Office Directory” in GroupWise 2012 Troubleshooting 3: Message Flow and 
Directory Structure. 


Linux POA Windows POA 


Syntax: --nomfhigh /nomfhigh 


See also --nomf and --nomflow. 


40.74 --nomflow 


Turns off processing lower priority messages files (message queues 2 through 7). For information 
about message queues, see “Post Office Directory” in GroupWise 2012 Troubleshooting 3: Message Flow 
and Directory Structure. 


Linux POA Windows POA 


Syntax: --nomflow /nomflow 


See also --nomf and --nomfhigh. 


40.75 --nomtp 


Disables Message Transfer Protocol, so that a TCP/IP link cannot be used between the POA and the 
MTA. See Section 36.1.3, “Changing the Link Protocol between the Post Office and the Domain,” on 
page 487. 


Linux POA Windows POA 


Syntax: --nomtp /nomtp 


See also --mtpinipaddr, --mtpinport, --mtpoutipaddr, --mtpoutport, and --mtpsendmax. 


40.76 --nonuu 


Disables nightly user upkeep. See Section 36.4.3, “Performing Nightly User Upkeep,” on page 523. 


Linux POA Windows POA 


Syntax: --nonuu /nonuu 


See also --nuuoffset. 
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40.77 


40.78 


40.79 


40.80 


--noqf 


Disables the periodic QuickFinder indexing done by the POA. The default is for periodic indexing to 
be turned on. See Section 39.1, “Regulating Indexing,” on page 573. 


Linux POA Windows POA 


Syntax: --nogf Inoqf 


See also --gfinterval, --gfintervalinminute, --gfbaseoffset, and --gfbaseoffsetinminute. 


--hordab 


Disables daily generation of the Group Wise Address Book for Remote users. See Section 36.4.3, 
“Performing Nightly User Upkeep,” on page 523. 


Linux POA Windows POA 


Syntax: --nordab Inordab 


See also --rdaboffset. 


--norecover 


Disables automatic database recovery. The default is for automatic database recovery to be turned on. 


If the POA detects a problem with a database when automatic database recovery has been turned off, 
the POA notifies the administrator, but it does not recover the problem database. The administrator 
can then recover or rebuild the database as needed. See Chapter 26, “Maintaining Domain and Post 
Office Databases,” on page 401. 


Two specialized configurations that require turning off automatic database recovery are described in 
Section 38.1.3, “Configuring a Dedicated Client/Server POA (Windows Only),” on page 562 and 
Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


Linux POA Windows POA 


Syntax: --norecover /norecover 


--nosnmp 


Disables SNMP for the POA. The default is to have SNMP enabled. See Section 37.6, “Using an 
SNMP Management Console,” on page 553. 


Linux POA Windows POA 


Syntax: --nosnmp /nosnmp 
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40.81 


40.82 


40.83 


40.84 


--hotcpip 


Disables TCP/IP communication for the POA. The default is to have TCP/IP communication enabled. 
Use this switch if you do not want this POA to communicate with GroupWise clients using TCP/IP. 


Linux POA Windows POA 


Syntax: --notcpip Inotcpip 


Two specialized configurations that require turning off automatic database recovery are described in 
Section 38.2.2, “Configuring a Dedicated Message File Processing POA (Windows Only)” on 
page 565 and Section 39.5, “Configuring a Dedicated Indexing POA (Windows Only),” on page 577. 


--nuuoffset 


Specifies the number of hours after midnight for the POA to start performing user upkeep. The 
default is 1 hour; valid values range from 0 to 23. See Section 36.4.3, “Performing Nightly User 
Upkeep,” on page 523. 


Linux POA Windows POA 
Syntax: --nuuoffset hours /nuuoffset-hours 
Example: --nuuoffset 3 /nuuoffset-4 


See also --nonuu. 


--password 


Provides the password for the POA to use when accessing post offices or document storage areas on 
remote servers. You can also provide user and password information on the Post Office Settings page 
in ConsoleOne. 


Linux POA Windows POA 
Syntax: --password network_password /password-network_password 
Example: --password GWise /password-GWise 


See also --user. 


--port 


Sets the TCP port number used for the POA to communicate with GroupWise clients in client/server 
access mode. The default is 1677. See Section 36.2.1, “Using Client/Server Access to the Post Office,” 
on page 494. 


Linux POA Windows POA 


Syntax: --port port_number /port-port_number 
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40.85 


40.86 


40.87 


Linux POA Windows POA 


Example: --port 1679 /port-1680 


See also --ip. 


--primingmax 


Sets the maximum number of client/server handler threads that POA can use for priming users’ 
Caching mailboxes. The default is 30 per cent. See Section 36.2.6, “Supporting Forced Mailbox 
Caching,” on page 503. 


Linux POA Windows POA 
Syntax: --primingmax percentage /primingmax-percentage 
Example: --primingmax 50 /primingmax-60 


See also --tcpthreads. 


--(fbaseoffset 


Specifies the number of hours after midnight for the POA to start its indexing cycle as specified by 
the --qfinterval or --qfintervalinminute switch. The default is 20 hours (meaning at 8:00 p.m.); valid 
values range from 0 to 23. See Section 39.1, “Regulating Indexing,” on page 573. 


Linux POA Windows POA 
Syntax: --qfbaseoffset hours lgfbaseoffset-hours 
Example: — --gfbaseoffset 2 /qfbaseoffset-3 


See also --qfbaseoffsetinminute, --gfinterval, --gfintervalinminute, and --nogf. 


--gfbaseoffsetinminute 


Specifies the number of minutes after midnight for the POA to start itsindexing cycle as specified by 
the --gfinterval or --gfintervalinminute switch. The default is 20 hours (1200 minutes, meaning at 8:00 
p-m.). The maximum setting is 1440 (24 hours). See Section 39.1, “Regulating Indexing,” on page 573. 


Linux POA Windows POA 
Syntax: --gfbaseoffsetinminute minutes /qfbaseoffsetinminute-minutes 
Example: — --qfbaseoffset 45 /qfbaseoffset-90 


See also --qfbaseoffset, --gfinterval, --gfintervalinminute, and --nogf. 
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40.88 


40.89 


40.90 


40.91 


--gfdeleteold 


Deletes previous versions of QuickFinder .idx and . inc files to conserve disk space during periods 
of heavy indexing. In general, it is applicable for use only with --qflevel=1, where indexing activities 


are a lower priority task than user activities in their mailboxes. See “Reclaiming Disk Space” on 
page 580. 


Linux POA Windows POA 


Syntax: --gfdeleteold /qfdeleteold 


See also --qflevel, --gfnolibs, --qfnopreproc, --gfnousers, --qfusefidbeg, and --qfuserfidend. 


--qfinterval 


Specifies the interval in hours for the POA to update the QuickFinder indexes in the post office. The 


default is 24 hours. See Section 39.1, “Regulating Indexing,” on page 573. 


Linux POA Windows POA 
Syntax: --gfinterval hours /qfinterval-hours 
Example: --qfinterval-6 /qfinterval-2 


See also --qfbaseoffset, --gfbaseoffsetinminute, --gfintervalinminute, and --nogf. 


--qfintervalinminute 


Specifies the interval in minutes for the POA to update the QuickFinder indexes in the post office. 


The default is 24 hours (1440 minutes). See Section 39.1, “Regulating Indexing,” on page 573. 


Linux POA Windows POA 
Syntax: --qfintervalinminute minutes /qfintervalinminute-minutes 
Example: - --qfintervalinminute 30 /gfintervalinminute-120 


See also --gfinterval, --gfbaseoffset, --gfbaseoffsetinminute, and --nogf. 


--qflevel 


Customizes the way the POA performs indexing. Valid levels are 0 through 3 and 999. See 
“Determining Indexing Priority” on page 580 


Linux POA Windows POA 
Syntax: --qflevel level /qflevel-level 
Example:  --qflevel 3 /qflevel-999 
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40.92 


40.93 


The following table describes the functionality of each level: 


Priority Description 


Level 

0 Index a maximum of 1000 items at a time, rather than the default of 500. 

1 Index a maximum of 500 items at time using a low priority thread. This keeps freguent daytime 
indexing cycles from interfering with users’ activities in their mailboxes. 

2 Index a maximum of 1000 items at a time using a medium priority thread. This allows additional 
items in each database to be processed in each indexing cycle. Use of a medium priority thread 
makes indexing more important than some user activities in their mailboxes. Users might notice 
some slowness in response from the GroupWise client. 

3 Index a maximum of 2000 items at a time using a high priority thread. Use of a high priority thread 
makes indexing more important than many users activities in their mailboxes. Users will notice 
some slowness in response from the GroupWise client. This is warranted only when the 
completion of the indexing immediately is extremely important. 

999 Index constantly until all databases have been indexed, then wait until the next indexing cycle set 


on the QuickFinder property page of the POA object before starting to index again. 


See also --qfdeleteold, --gfnolibs, --qfnopreproc, --qfnousers, --gfusefidbeg, and --qfuserfidend. 


--qfnolibs 


Suppresses QuickFinder indexing of documents in libraries in favor of indexing user mailbox 
contents. For full suppression, use --qfnopreproc as well. See “Determining What to Index” on 
page 579 


Linux POA Windows POA 


Syntax: --qfnolibs /qfnolibs 


See also --qfdeleteold, --qflevel, --gfnopreproc, --qfnousers, --qfusefidbeg, and --qfuserfidend. 


--gfnopreproc 


Suppresses generation of document word lists that are normally written to user databases when 
libraries are indexed. Use with --gfnolibs. See “Determining What to Index” on page 579. 


Linux POA Windows POA 


Syntax: --qfnopreproc /qfnopreproc 


See also --qfdeleteold, --qflevel, --qfnolibs, --qfnousers, --qfusefidbeg, and --qfuserfidend. 
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40.94 


40.95 


40.96 


--gfnousers 


Suppresses QuickFinder indexing of user mailbox contents in favor of indexing documents in 
libraries. See “Determining What to Index” on page 579. 


Linux POA Windows POA 


Syntax: --qfnousers /qfnouser 


See also --qfdeleteold, --qflevel, --qfnolibs, --qfnopreproc, --qfusefidbeg, and --qfuserfidend. 


--qfuserfidbeg 


Specifies the beginning of a range of FIDs associated with user databases (userxxx. db) that you want 
to index. The xxx in the user database file name is the FID. To determine what FIDs are in use, list the 
contents of the ofuser directory in the post office directory. See “Determining What to Index” on 
page 579. 


Linux POA Windows POA 
Syntax: --qfuserfidbeg fid /qfuserfidbeg-fid 
Example: — --gfuserfidbeg 7ck /qfuserfidbeg-7j6 


See also --qfdeleteold, --qflevel, --qfnolibs, --qfnopreproc, --qfnousers, and --qfuserfidend. 


--qfuserfidend 


Specifies the end of a range of FIDs associated with user databases (userxxx.db) that you want to 
index. The xxx in the user database file name is the FID. To determine what FIDs are in use, list the 
contents of the ofuser directory in the post office directory. See “Determining What to Index” on 
page 579. 


Linux POA Windows POA 
Syntax: --qfuserfidend fid /qfuserfidend-fid 
Example: — --qfuserfidbeg x9c /qfuserfidbeg-zzf 


If you want to index just one user database, use the same FID with the --qfuserfidbeg switch and the 
--qfuserfidend switch. To determine a user’s FID, click Help > About GroupWise in the GroupWise 
client. In Online mode, the FID is displayed after the user name. In Caching or Remote mode, the FID 
is the last three characters of the Caching or Remote directory name (for example, gwstr7bh). 


See also --qfdeleteold, --qflevel, --qfnolibs, --qfnopreproc, --qfnousers, and --qfuserfidbeg. 
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40.97 


40.98 


40.99 


--rdaboffset 


Specifies the number of hours after midnight for the POA to generate the daily copy of the 
GroupWise Address Book for Remote users. The default is 0; valid values range from 0 to 23. See 
Section 36.4.3, “Performing Nightly User Upkeep,” on page 523. 


Linux POA Windows POA 
Syntax: --rdaboffset hours /rdaboffset-hours 
Example: --rdaboffset 3 /rdaboffset-4 


See also --nordab. 


--rights 


Verifies that the POA has the required network rights or permissions to all directories where it needs 
access in the post office directory. 


When it is started with this switch, the POA lists directories it is checking, which can be a lengthy 
process. Use this switch on an as needed basis, not in the POA startup file. If the POA encounters 
inadequate rights or permissions, it indicates the problem and shuts down. 


Linux POA Windows POA 


Syntax: --rights /rights 


--Show 


Starts the Linux POA with a server console interface similar to that provided for the Windows POA. 
This user interface requires that the X Window System and Open Motif are running on the Linux 
server. 


Linux POA Windows POA 


Syntax: --show N/A 


The --show switch cannot be used in the POA startup file. However, if you want the POA to start 
with a user interface when you run the grpwise script or when the server reboots, you can configure 
the GroupWise High Availability service (gwha) to accomplish this, as described in “Configuring the 
GroupWise High Availability Service in the gwha.conf File” in “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 
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40.100  --soap 


Enables SOAP so that the POA can communicate with SOAP clients. Valid settings are enabled and 
disabled. See Section 36.2.4, “Supporting SOAP Clients,” on page 499. 


Linux POA Windows POA 
Syntax: --soap enabled or disabled /soap-enabled or disabled 
Example: --soap enabled /soap-disabled 


See also --soapmaxthreads, --soapport, --soapsizelimit, --soapssl, and --soapthreads. 


40.101 --soapmaxthreads 


Specifies the maximum number of SOAP threads the POA can create to service SOAP clients. The 
default is 4; the maximum is 40. This setting is appropriate for most systems. See Section 36.2.4, 
“Supporting SOAP Clients,” on page 499. 


Linux POA Windows POA 
Syntax: --soapmaxthreads number /soapmaxthreads-number 
Example: --soapmaxthreads 20 /soapmaxthreads-30 


See also --soap, --soapport, --soapsizelimit, --soapssl, and --soapthreads. 


40.102 --soapport 


Sets the TCP port number used for the POA to communicate with SOAP clients. The default is 7191. 
See Section 36.2.4, “Supporting SOAP Clients,” on page 499. 


Linux POA Windows POA 
Syntax: --soapport port number Isoapport-port number 
Example: --soapport 146 /soapport-147 


See also --soap, --soapmaxthreads, --soapsizelimit, --soapssl, and --soapthreads. 


40.103 --soapsizelimit 


Sets the maximum amount of data that the POA can return in a single request from a SOAP client. 
The default is 1024 KB (1 MB), which is the recommended setting. The maximum allowed setting is 
65534 (64 MB). Specify 0 (zero) if you do not want the POA to check the data size. 


Linux POA Windows POA 
Syntax: --soapsizelimit kilobytes /soapsizelimit-kilobytes 
Example: --soapsizelimit 2048 /soapsizelimit-2048 
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40.104 


40.105 


40.106 


See also --soap, --soapmaxthreads, --soapport, --soapssl, and --soapthreads. 


--SOapssl 


Sets the availability of secure SSL communication between the POA and SOAP clients. Valid settings 
are enable and disable. See Section 36.3.3, “Securing the Post Office with SSL Connections to the 
POA,” on page 508. 


Linux POA Windows POA 
Syntax: --Soapssl setting /soapssl-setting 
Example: — --soapssi enable /soapssl-enable 


See also --soap, --soapmaxthreads, --soapport, --soapsizelimit, and --soapthreads. 


--soapthreads 


Sets the initial number of SOAP threads that the POA starts to service SOAP clients. The default is 4. 
The POA automatically starts additional threads as needed. See Section 36.2.4, “Supporting SOAP 
Clients,” on page 499. 


Linux POA Windows POA 
Syntax: --soapthreads number /soapthreads-number 
Example: --soapthreads 8 /soapthreads-10 


See also --soap, --soapmaxthreads, --soapport, --soapsizelimit, and --soapssl. 


--tcpthreads 


Specifies the maximum number of client/server handler threads the POA can create to service client/ 
server requests. The default is 10; valid values range from 1 to 99. Plan on about one client/server 
handler thread per 20-30 client/server users. See Section 38.1.1, “Adjusting the Number of POA 
Threads for Client/Server Processing,” on page 559. 


Linux POA Windows POA 
Syntax: --tcpthreads number /tcpthreads-number 
Example: --tcpthreads 30 /tcpthreads-50 


See also --primingmax. 
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40.107 


40.108 


40.109 


--threads 


Specifies the maximum number of message handler threads the POA can create. The default is 8; 
valid values range from 1 to 20. See Section 38.2.1, “Adjusting the Number of POA Threads for 
Message File Processing,” on page 564. 


Linux POA Windows POA 
Syntax: --threads number /threads-number 
Example: --threads 15 /threads-20 


--usedva 


Configures the POA to use the DVA instead of the DCA to convert documents into HTML format for 
indexing. See Section 39.3, “Enabling the Document Viewer Agent (DVA) for Indexing,” on page 576. 


Linux POA Windows POA 


Syntax: --usedva lusedva 


See also --dvanipaddr, --dvanport, and --dvanssl. 


--user 


Provides the network user ID for the POA to use when accessing post offices and/or document 
storage areas on remote servers. You can also provide user and password information on the Post 
Office Settings page in ConsoleOne. 


Linux POA Windows POA 
Syntax: --user Linux_user_ID /user-Windows_user_ID 
Example: --user GWAgents luser-GWAgents 
Linux: On OES Linux, the Linux user. ID is a Linux-enabled user that the POA can use to log in to the 


remote OES Linux server. On SLES Linux, it is a standard Linux user. 


Windows: The Windows. user IDis a user that the POA can use to log in to the remote Windows server. 


See also --password. 


Windows Note: The Windows POA gains access to the post office directory when it starts. However, 
a particular user might attempt to access a remote document storage area to which the POA does not 
yet have a drive mapping available. By default, the POA attempts to map a drive using the same user 
ID and password it used to access the post office directory. If the user ID and password for the remote 
storage area are different from the post office, use the --user and --password switches to specify the 
needed user ID and password. You can also provide user and password information on the Post 
Office Settings page in ConsoleOne. However, it is preferable to use the same user ID and password 
on all servers where the POA needs access. 
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Message Transfer Agent 


+ Chapter 41, “Understanding Message Transfer between Domains and Post Offices,” on page 621 
* Chapter 42, “Configuring the MTA,” on page 627 

* Chapter 43, “Monitoring the MTA,” on page 659 

* Chapter 44, “Optimizing the MTA,” on page 685 

* Chapter 45, “Using MTA Startup Switches,” on page 693 


For a complete list of port numbers used by the MTA, see Section A.4, “Message Transfer Agent Port 
Numbers,” on page 1169. 


For detailed Linux-specific MTA information, see Appendix C, “Linux Commands, Directories, and 
Files for GroupWise Administration,” on page 1179. 


For additional assistance in managing the MTA, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/Group Wise). 
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Understanding Message Transfer 
between Domains and Post Offices 


A domain organizes post offices into a logical grouping for addressing, routing, and administration 
purposes in your GroupWise system. Messages are transferred between post offices and domains by 
the Message Transfer Agent (MTA). The following topics help you understand domains and the 
functions of the MTA: 


+ Section 41.1, “Domain Representation in ConsoleOne,” on page 621 

+ Section 41.2, “Domain Directory Structure,” on page 622 

+ Section 41.3, “Information Stored in the Domain,” on page 622 

+ Section 41.4, “Role of the Message Transfer Agent,” on page 624 

+ Section 41.5, “Link Configuration between Domains and Post Offices,” on page 624 


+ Section 41.6, “Message Flow between Domains and Post Offices,” on page 624 


41.1 Domain Representation in ConsoleOne 


In ConsoleOne, domains are container objects that contain an MTA object, as well as other domain- 
related objects, as shown below: 


Novell ConsoleOne 
File Edit View Tools Help 


H/@/F|BO|a|a) Hela 


=) CORP. TREE 2l [2 Ta 

4 GroupWise Ap GWIA 
# QA Administration 
Qa Development 
Qa Legal 
Ei Q Marketing 
2 @ Provo] 
m- Provo2 
H-Q Provo3 
H-Q Provo4 
Ei Q Sales 
H-Q Staff 
(8- a Support 
H-E Waltharnt 
H-A Waltham2 


User: admin. Docdey Novell free: CORP. TREE 


Although each post office is linked to a domain, it does not display as subordinate to the domain in 
the Console View. However, using the GroupWise View, you can display post offices as subordinate 
to the domains to which they are linked in your GroupWise system. 
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Novell ConsoleOne DER 


File Edit View Tools Help 


f= t Domains [= | 


a] | Domain Name | Domain Type 


H- Waltham2 Provot Primary 
H- Novell (E) Provo2 Secondary 


FA Security @ Provo3 Secondary 
(Gi pi NOVELL INC @ Provos 


32-28 CEE 
SQ Provo1 
H-Q Development 
Ej Ga Legal 
= Provo2 
Ej CR Sales 
(8-Ga Support 
2 Provo3 
&-@à Marketing “| 


@ Provo4 M 


[corporate Mail Provoi K'\gwsystemiprovol 


Secondary 


41.2 Domain Directory Structure 


Physically, a domain consists of a set of directories that house all the information stored in the 
domain. See “Domain Directory” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory 
Structure. 


41.3 Information Stored in the Domain 


The following types of information are stored in the domain: 


+ Section 41.3.1, “Domain Database,” on page 622 
+ Section 41.3.2, “Agent Input/Output Queues in the Domain,” on page 623 
+ Section 41.3.3, “Gateways,” on page 623 
No messages are stored in the domain, so GroupWise client users do not need access to the domain 


directory. The only person who needs file access to the domain directory is the GroupWise 
administrator. 


41.3.1 Domain Database 


The domain database (wpdomain.db) contains all administrative information for the domain, 
including: 
+ Address information about all Group Wise objects (such as users, resources, post offices, and 
gateways in the domain) 
+ System configuration and linking information for the domain's MTA 


+ Address and message routing information to other domains 


The first domain you create is the primary domain. In the primary domain, the wpdomain. db file 
contains all administrative information for your entire GroupWise system (all its domains, post 
offices, users, and so on). Because the wpdomain. db file in the primary domain is so crucial, you 
should back it up regularly and keep it secure. See Section 31.1, “Backing Up a Domain,” on 
page 431. 


You can re-create your entire Group Wise system from the primary domain wpdomain. db file; 
however, if the primary domain wpdomain. db file becomes unusable, you can no longer make 
administrative updates to your GroupWise system. 
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41.3.2 


41.3.3 


Secondary domains are automatically synchronized to match the primary domain. 


Agent Input/Output Queues in the Domain 


Each domain contains agent input/output gueues where messages are deposited and picked up for 
processing by the MTA. 


For a mapped or UNC link between domains, the MTA requires read/write access rights to its input/ 
output queues in the other domains. For a TCP/IP link, no access rights are required because 
messages are communicated by way of TCP/IP. 


For illustrations of the processes presented below, see Section 41.6, “Message Flow between Domains 
and Post Offices,” on page 624. 


MTA Input Oueue in the Domain 


The MTA input queue in the local domain (domain\wpcsin) is where MTAs for other domains 
deposit user messages for the local MTA to route to local post offices or to route to other domains. 
Thus, the MTA input gueue in the local domain is the output gueue for the MTAs in many other 
domains. 


The MTA does not have an output gueue for user messages in the local domain. Because its primary 
task is routing messages, the local MTA has output gueues in all post offices in the domain. See “POA 
Input Queue in the Post Office” on page 475. The local MTA also has output queues in all domains to 
which it is directly linked. 


MTA Output Oueue in the Domain 


The MTA output queue in the local domain (domain\wpcsout \ads) is where the MTA deposits 
administrative messages from other domains for the MTA admin thread to pick up. 


MTA Admin Thread Input Oueue in the Domain 
The MTA admin thread input queue (domainXwpcsout \ads) is, of course, the same as the MTA 


output gueue in the local domain. The MTA admin thread picks up administrative messages 
deposited in the gueue by the MTA and updates the domain database. 


MTA Admin Thread Output Oueue in the Domain 


The MTA admin thread output queue (domain\wpcsin) is the same as the MTA input queue in the 
local domain. The MTA admin thread deposits administrative messages in the gueue for replication 
to other domains. 


Gateways 


Gateways are installed and configured at the domain level of your GroupWise system. 


NOTE: GroupWise gateways are legacy products that are not supported with the current GroupWise 
version. 
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41.4 Role of the Message Transfer Agent 


You must run an MTA for each domain. The MTA: 


41.5 


41.6 
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+ 


+ 


+ 


Routes messages between post offices in the local domain. 
Routes messages between domains. 
Routes messages to and from gateways installed in the local domain. 


Routes messages between GroupWise systems across the Internet if appropriate DNS lookup 
capabilities have been set up. 


See “Using Dynamic Internet Links” in “Connecting to Other GroupWise Systems” in the 
GroupWise 2012 Multi-System Administration Guide. 


Schedules routing of messages across expensive links. 

See Section 42.3.2, “Scheduling Direct Domain Links,” on page 647. 

Controls the size of messages that can pass across links. 

See Section 42.2.1, “Restricting Message Size between Domains,” on page 642. 


Updates the domain database (wpdomain.db) whenever GroupWise users, resources, post 
offices, or other Group Wise objects are added, modified, or deleted. 


Replicates updates to all domains and post offices throughout your GroupWise system. This 
keeps the Address Book up-to-date for all GroupWise users. 


Synchronizes GroupWise user information with Novell eDirectory user information. This 
handles updates made in ConsoleOne without the GroupWise Administrator snap-in running. 


See Section 42.4.1, “Using eDirectory User Synchronization,” on page 652. 

Synchronizes GroupWise object information throughout your GroupWise system as needed. 
Detects and repairs invalid information in the domain database (wpdomain. db). 

Provides logging and statistics about GroupWise message flow. 


See Section 42.4.2, “Enabling MTA Message Logging,” on page 657. 


Link Configuration between Domains and Post Offices 


In GroupWise, a link is defined as the information required to route messages between domains, post 
offices, and gateways in a GroupWise system. Links are created and configured when new domains, 
post offices, and gateways are created. 


For more specific information about how domains are linked to each other, and about how domains 
and post offices are linked, see Chapter 10, “Managing the Links between Domains and Post Offices,” 
on page 155. 


+ 


+ 


Message Flow between Domains and Post Offices 


Section 41.6.1, “Message Flow between Post Offices in the Same Domain,” on page 625 


Section 41.6.2, “Message Flow between Different Domains,” on page 625 
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41.6.1 Message Flow between Post Offices in the Same Domain 


To see what happens to message flow within the domain when the domain is closed, view the 
following message flow diagrams: 


+ “TCP/IP Link Open: Transfer between Post Offices Successful” 
+ “TCP/IP Link Closed: Transfer between Post Offices Delayed” 


These diagrams are found in “Message Delivery to a Different Post Office” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. 


41.6.2 Message Flow between Different Domains 


To see what happens to message flow when the destination domain is closed, view the following 
message flow diagrams: 


+ “TCP/IP Link Open: Transfer between Domains Successful” 
+ “TCP/IP Link Closed: Transfer between Domains Delayed” 


These diagrams are found in “Message Delivery to a Different Domain” in GroupWise 2012 
Troubleshooting 3: Message Flow and Directory Structure. 


Understanding Message Transfer between Domains and Post Offices 625 


626 GroupWise 2012 Administration Guide 


Configuring the MTA 


For MTA system reguirements, see “Agent System Reguirements” in the GroupWise 2012 Installation 
Guide. For detailed instructions about installing and starting the MTA for the first time, see 
“Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


As your GroupWise system grows and evolves, you will probably need to modify MTA configuration 
to meet changing system needs. The following topics help you configure the MTA: 


+ Section 42.1, “Performing Creating an MTA Object in eDirectory 
Basic MTA Configuration,” on Configuring the MTA in ConsoleOne 
page 627 Changing the Link Protocol between Domains 


Changing the Link Protocol between a Domain and Its Post Offices 
Binding the MTA to a Specific IP Address 

Moving the MTA to a Different Server 

Adjusting the MTA for a New Location of a Domain or Post Office 
Adjusting the MTA Logging Level and Other Log Settings 


+ Section 42.2, “Configuring Restricting Message Size between Domains 
User Access through the Securing the Domain with SSL Connections to the MTA 
Domain,” on page 642 
+ Section 42.3, “Configuring Using Routing Domains 
Specialized Routing,” on Scheduling Direct Domain Links 
page 645 Using a Transfer Pull Configuration (Windows Only) 
+ Section 42.4, “Configuring Using eDirectory User Synchronization 
Domain Maintenance,” on Enabling MTA Message Logging 
page 652 


42.1 Performing Basic MTA Configuration 


MTA configuration information is stored as properties of its MTA object in eDirectory. The following 
topics help you modify the MTA object in ConsoleOne and change MTA configuration to meet 
changing system configurations: 

+ Section 42.1.1, “Creating an MTA Object in eDirectory,” on page 628 

+ Section 42.1.2, “Configuring the MTA in ConsoleOne,” on page 629 

+ Section 42.1.3, “Changing the Link Protocol between Domains,” on page 632 

+ Section 42.1.4, “Changing the Link Protocol between a Domain and Its Post Offices,” on page 636 

+ Section 42.1.5, “Binding the MTA to a Specific IP Address,” on page 639 

+ Section 42.1.6, “Moving the MTA to a Different Server,” on page 640 

+ Section 42.1.7, “Adjusting the MTA for a New Location of a Domain or Post Office,” on page 640 

+ Section 42.1.8, “Adjusting the MTA Logging Level and Other Log Settings,” on page 641 
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42.1.1 


Creating an MTA Object in eDirectory 


When you create a new domain, an MTA object is automatically created for it. If the original MTA 
object for a domain is accidently deleted, you can create a new one for it. Do not attempt to create 
more than one MTA object for a domain. 


To create a new MTA object in Novell eDirectory: 


1 In ConsoleOne, browse to and right-click the Domain object for which you need to create an 


MTA object, then click New. 


2 Double-click GroupWise Agent to display the Create GroupWise Agent dialog box. 


Create GroupWise Agent 


Agent Name: 


Type: 


[ Define additional properties 


[ Create another agent 


Type a unigue name for the new MTA. The name can include as many as 8 characters. Do not 
use any of the following invalid characters in the name: 


ASCII characters 0-31 Comma, 


Asterisk * Double quote " 

At sign @ Extended ASCII characters that are graphical or typographical symbols; 
accented characters in the extended range can be used 

Backslash \ Parentheses ( ) 

Braces { } Period . 

Colon : Slash / 


The Type field is automatically set to Message Transfer. 


4 Select Define Additional Properties. 


Click OK. 
The MTA object is automatically placed within the Domain object. 


Review the information displayed for the first four fields on the Identification page to ensure 
that you are creating the correct type of Agent object in the correct location. 
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Properties of MTA 
NDS Rights + | Other | Rights to Files and Folders 


Domain: Provo1 
Distinguished Name: MTA Provo1 GroupWise 
Name: MTA 


Agent Type: Message Transfer 


Description: ää Message Transfer Agent 


Platform: [Linux 


Page Options... 


7 Inthe Description field, type one or more lines of text describing the MTA. This description 
displays on the MTA server console as the MTA runs. 


If multiple administrators work at the server where the MTA will run, the description includes a 
note about who to contact before stopping the MTA. When running multiple MTAs on the same 
server, the description should uniguely identify each one. See Chapter 43, “Monitoring the 
MTA,” on page 659. 


8 Inthe Platform field, select the platform (Linux or Windows) where the MTA will run. 
9 Continue with Section 42.1.2, “Configuring the MTA in ConsoleOne,” on page 629. 


42.1.2 Configuring the MTA in ConsoleOne 


The advantage to configuring the MTA in ConsoleOne, as opposed to using startup switches in an 
MTA startup file, is that the MTA configuration settings are stored in eDirectory. 


1 In ConsoleOne, expand the eDirectory container where the Domain object is located. 


2 Expand the Domain object. 
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3 Right-click the MTA object, then click Properties. 


Properties of MTA 
NDS Rights + | Other | Rights to Files and Folders 


Domain: Provo1 
Distinguished Name: MTA.Provo1 GroupWise 
Name: MTA 


Agent Type: Message Transfer 


Description: jäi Message Transfer Agent 


Platform: [Linux 


Page Options... |_ cance: | 


The table below summarizes the MTA configuration settings in the MTA object properties pages and 
how they correspond to MTA startup switches (as described in Chapter 45, “Using MTA Startup 
Switches,” on page 693): 


ConsoleOne Properties Pages and Corresponding Tasks and Startup Switches 
Settings 


Information Page 


Domain See Section 42.1.1, “Creating an MTA Object in eDirectory,” on 
Distinguished Name page 628. 

Name 

Agent Type 

Description 

Platform 


Agent Settings Page 


Scan Cycle See Section 44.2.2, “Adjusting MTA Polling of Input Queues in the 
Scan High Domain, Post Offices, and Gateways,” on page 686. 


See also --cyhi and --cylo. 


Attach Retry See Section 44.4, “Adjusting MTA Polling of Closed Locations,” on 
page 690. 


Enable Automatic Database Recovery See --norecover. 


Use 2nd High Priority Scanner See Section 44.2.3, “Adjusting the Number of MTA Scanner Threads 
Use 2nd Mail Priority Scanner for the Domain and Post Offices,” on page 688. 


See also --fast0 and --fast4. 


SNMP Community "Get" String See Section 43.6, “Using an SNMP Management Console,” on 
page 679. 
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ConsoleOne Properties Pages and 
Settings 


HTTP User Name 

HTTP Password 
Network Address Page 
TCP/IP Address 


Bind Exclusively to TCP/IP Address 


Message Transfer 


HTTP 


Log Settings Page 


Log File Path 
Logging Level 

Max Log File Age 
Max Log Disk Space 


Message Log Settings Page 


Message Logging Level 
Message Log File Path 


Scheduled Events Page 


eDirectory User Synchronization 
Event 


Routing Options Page 


Default Routing Domain 


Force All Messages to Default Routing 
Domain 


Allow MTA to Send Directly to Other 
GroupWise Systems 


MTA SSL Settings Page 


Corresponding Tasks and Startup Switches 


See Section 43.2.1, “Setting Up the MTA Web Console,” on page 669. 


See also --httpuser and --httppassword. 


See “Using TCP/IP Links between Domains” on page 632 and “Using 
TCP/IP Links between a Domain and its Post Offices” on page 637. 


See also --ip and --tcpport. 


See Section 42.1.5, “Binding the MTA to a Specific IP Address,” on 
page 639. 


See also --ip. 

See “Using TCP/IP Links between Domains” on page 632. 

See also --msgtranssl. 

See Section 43.2.1, “Setting Up the MTA Web Console,” on page 669. 


See also --httpssl. 


See Section 43.3, “Using MTA Log Files,” on page 677. 


See also --log, --logdays, --logdiskoff, --loglevel, and --logmax. 


See Section 42.4.2, “Enabling MTA Message Logging,” on page 657. 


See also --messagelogsettings, --messagelogpath, 
--messagelogdays, and --messagelogmaxsize. 


See Section 42.4.1, “Using eDirectory User Synchronization,” on 
page 652. 


See also --nondssync. 


See Section 42.3.1, “Using Routing Domains,” on page 645. 


See also --defaultroutingdomain. 


See “Using Dynamic Internet Links” in “Connecting to Other 
GroupWise Systems” in the GroupWise 2012 Multi-System 
Administration Guide. 


See also --nodns. 


Configuring the MTA 


631 


42.1.3 


ConsoleOne Properties Pages and Corresponding Tasks and Startup Switches 
Settings 


Certificate File See Section 42.2.2, “Securing the Domain with SSL Connections to 
SSL Key File the MTA,” on page 643. 
Password 


See also --certfile, --keyfile and --keypassword. 


After you install the MTA software, you can further configure the MTA using a startup file. To survey 
the many ways the MTA can be configured, see Chapter 45, “Using MTA Startup Switches,” on 
page 693. 


Changing the Link Protocol between Domains 


How MTAs for different domains communicate with each other is determined by the link protocol in 
use between the domains. Typically, inbound and outbound links for a domain use the same link 
protocol, but this is not required. For a review of link protocols, see Section 10.1.3, “Link Protocols for 
Direct Links,” on page 159. 


If you originally set up an MTA using one link protocol and need to change to a different one, some 
reconfiguration of the MTA is necessary. 

+ “Using TCP/IP Links between Domains” on page 632 

+ “Using Mapped or UNC Links between Domains” on page 635 


+ “Using Gateway Links between Domains” on page 636 


NOTE: The Linux MTA does not support mapped or UNC links between domains. TCP/IP links are 
required. 


Using TCP/IP Links between Domains 


To set up TCP/IP links between domains, you must perform the following two tasks: 


+ “Configuring the MTA for TCP/IP” on page 632 
+ “Changing the Link Protocol between Domains to TCP/IP” on page 634 


Configuring the MTA for TCP/IP 


1 Make sure TCP/IP is properly set up on the server where the MTA is running. 
2 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
3 Click GroupWise > Network Address to display the Network Address page. 
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Properties of MTA 


GroupWise ~ | NDS Rights v | Other | Rights to Files and Folders | 
Network Address 


TCPAP Address: [172.16.5.18 


IPX/SPX Address: [ 


1 Bind Exclusively to TCPAP Address 


Port SSL 
Message Transfer: 7100 $ Disabled x | 


HTTP: 7180 $| [Disabled ~ | 


Page Options... Cancel | Apply | Help | 


4 On the Network Address page, click the pencil icon for the TCP/IP Address field to display the 
Edit Network Address dialog box. 


Edit Network Address 


TCPAP Address 


© IP Address: 


(° DNS Host Name: ibd-oes.provo.novell.com 


Cancel Help 


5 Select IP Address, then provide the IP address, in dotted decimal format, of the server where the 
MTA is running. 


or 
Select DNS Host Name, then provide the DNS hostname of the server where the MTA is running. 


IMPORTANT: The MTA must run on a server that has a static IP address. DHCP cannot be used 
to dynamically assign an IP address for it. 


Specifying the DNS hostname rather than the IP address makes it easier to move the MTA from 
one server to another, should the need arise at a later time. You can assign a new IP address to 
the hostname in DNS, without changing the MTA configuration information in ConsoleOne. 


6 Click OK. 


7 To use a TCP port number other than the default port of 7100, type the port number in the 
Message Transfer Port field. 


If multiple MTAs will run on the same server, each MTA must have a unique TCP port number. 


8 For optimum security, select Enabled in the SSL drop-down list for the message transfer port. For 
more information, see Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” 
on page 643. 


9 Click OK to save the network address and return to the main ConsoleOne window. 
ConsoleOne then notifies the MTA to restart enabled for TCP/IP. 
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Corresponding Startup Switches: You can also use the --ip and --tcpport switches in the MTA 
startup file to provide the IP address and the message transfer port number. 


MTA Web Console: You can view the MTA TCP/IP information on the Configuration page under the 
TCP/IP Settings heading. 


Changing the Link Protocol between Domains to TCP/IP 
Make sure you have configured the MTA for TCP/IP at both ends of each link. 
To change the link between the domains from mapped or UNC to TCP/IP: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 Click View > Domain Links to display domain links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


| EM 7| QIN) (| rover em 3 lM 


Domain: Provo1 
Outbound Links from Provo1 
rDirect rindirect r Gateway Undefined 

%, Provo2 ‘1 Provo4 (Provo3) 

%, Provo3 


rindirect 
°$ Provos (Provo2) 


3 Select the MTA's local domain in the drop-down list. 
Outbound and inbound links for the selected domain are listed. 
4 Double-click a domain in the Outbound Links list. 


KS Edit Domain Link 
Description: How Provoi connects to Provo3 
LhkiType: Pret z] Cancel 
Settings ——— = 


Protocol: 


IP Address: |ibd-Inx.provo.novell.com : 7100 Z Scheduling... 


T Override 


Maximum send message size: 0 + MBytes 
Delay message size: 0 + MBytes 


Transfer Pull Info... External Link Info... 


5 Set Link Type to Direct. 
6 Set Protocol to TCP/IP. 


Make sure the information displayed in the IP Address and MT Port fields matches the 
information for the MTA for the domain to which you are linking. 


7 Click OK. 
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8 Repeat Step 4 through Step 7 for each domain in the Outbound Links list where you want the 
MTA to use a TCPA link. 


Selecting multiple domains is also allowed. 
9 Double-click a domain in the Inbound Links list. 
10 Set Link Type to Direct. 
11 Set Protocol to TCP/IP. 


Make sure the information displayed in the IP Address and MT Port fields matches the 
information you supplied in “Configuring the MTA for TCP/IP” on page 632. 


12 Click OK. 


13 Repeat Step 9 through Step 12 for each domain in the Inbound Links list where you want the MTA 
to use a TCP/IP link. 


Selecting multiple domains is also allowed. 
14 Click File > Exit > Yes to save the link changes. 


ConsoleOne then notifies the MTA to restart with the new link configuration. 


For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between Domains 
Successful” in “Message Delivery to a Different Domain” in GroupWise 2012 Troubleshooting 3: 
Message Flow and Directory Structure. 


Using Mapped or UNC Links between Domains 


To change to a mapped or UNC link between domains: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 Click View > Domain Links to display domain links. 
Select the MTA's local domain in the drop-down list. 


w 


Outbound and inbound links for the selected domain are listed. 

Double-click a domain in the Outbound Links list. 

Set Link Type to Direct. 

Set Protocol to Mapped or UNC. 

Enter the full path, in the appropriate format, of the directory where the other domain is located. 
Click OK. 


Repeat Step 4 through Step 8 for each domain in the Outbound Links list where you want the 
MTA to use a mapped or UNC link. 


Selecting multiple domains is also allowed. 
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10 Double-click a domain in the Inbound Links list. 

11 Set Link Type to Direct. 

12 Set Protocol to Mapped or UNC. 

13 Enter the full path, in the appropriate format, of the directory where the local domain is located. 
14 Click OK. 


15 Repeat Step 10 through Step 14 for each domain in the Inbound Links list where you want the 
MTA to use a mapped link. 


Selecting multiple domains is also allowed. 
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16 Click File > Exit > Yes to save the link changes. 


ConsoleOne then notifies the MTA to restart with the new link configuration. 


Using Gateway Links between Domains 

You can use GroupWise gateways to link domains within your GroupWise system. 
+ “Using the Async Gateway to Link Domains” on page 636 
+ “Using the Internet Agent to Link Domains” on page 636 

Using the Async Gateway to Link Domains 


You can use the Async Gateway to link a domain into your GroupWise system using a modem. For 
setup instructions, see the Async Gateway documentation at the GroupWise Gateway 
Documentation Web site (http://www.novell.com/documentation/gwgateways). 


NOTE: Group Wise gateways such as the Async Gateway are legacy products that are not supported 
with the current GroupWise version. 


Using the Internet Agent to Link Domains 


You can use the Internet Agent (GWIA) to link a domain into your GroupWise system across the 
Internet. When you use the GWIA as the transport mechanism between domains, it encapsulates 
GroupWise messages (both email messages and administrative messages) within SMTP messages in 
order to transport them across the Internet. For setup instructions, see Section 58.2, “Linking 
Domains,” on page 848 


NOTE: A simpler alternative to a gateway link for spanning the Internet is to use MTA to MTA links, 
as described for linking separate GroupWise systems in “Using Dynamic Internet Links” in the 
GroupWise 2012 Multi-System Administration Guide. The same configuration that can link two separate 
GroupWise systems can be employed to link a domain within the same GroupWise system. 


Changing the Link Protocol between a Domain and Its Post Offices 


How messages are transferred between the MTA for the domain and the POA for each post office is 
determined by the link protocol in use between the domain and each post office. For a review of link 
protocols, see Section 10.1.3, “Link Protocols for Direct Links,” on page 159. 


If you need to change from one link protocol to another, some reconfiguration of the MTA and its link 
to each post office is necessary. 


+ “Using TCP/IP Links between a Domain and its Post Offices” on page 637 
+ “Using Mapped or UNC Links between a Domain and its Post Offices” on page 639 


NOTE: The Linux MTA reguires TCP/IP links between a domain and its post offices. 
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Using TCPIIP Links between a Domain and its Post Offices 


To change from mapped or UNC links to TCP/IP links between a domain and its post offices, you 
must perform the following two tasks: 


+ 


+ 


“Configuring the Agents for TCP/IP” on page 637 
“Changing the Link Protocol between a Domain and its Post Offices to TCP/IP” on page 638 


Configuring the Agents for TCP/IP 


1 


If the MTA for the domain is not yet set up for TCP/IP communication, see “Configuring the 
MTA for TCP/IP” on page 632. 


If any post offices do not yet have a POA set up for TCP/IP communication, see Section 36.2.1, 
“Using Client/Server Access to the Post Office,” on page 494 to set up the initial TCP/IP 
information. 


In ConsoleOne, expand the Post Office object to display the POA object(s) in the post office. 


Only one POA per post office needs to communicate with the MTA. If the post office has 
multiple POAs, have a POA that performs message file processing communicate with the MTA 
for best performance. For information about message file processing, see Section 35.5, “Role of 
the Post Office Agent,” on page 477. 


4 Right-click the POA object, then click Properties. 
5 Click GroupWise > Network Address to display the Network Address page. 


Properties of POA 
GroupWise ~ | NDS Rights + | Other | Rights to Files and Folders 
Network Address 

TCP/IP Address: [172.16.5.18 
External IP Address: [ 
IPX/SPX Address: L 


Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7101 E Disabled W 


HTTP: 7181 [Disabled v 


Internal Client/Server: 167718) [enabled M 

External Client/Server: 0 E Enabled v 

IMAP: 13 [Disabled v 993 à 
Internal SOAP: 71918 Disabled Mi 

External SOAP: 7191] i 


Calendar Publishing: 7171 E 


CaJCes Can) E 


6 On the Network Address page, click the pencil icon for the TCP/IP Address field to display the 


Edit Network Address dialog box. 


Edit Network Address 


TCPAP Address 
© IP Address: [ [ [ | 


(© DNS Host Name: ibd-0es.provo.novell.com 


Cancel Help 
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7 Inthe Message Transfer Port field, specify a unique TCP port on which the POA will listen for 
incoming messages from the MTA. 


The default is 7101. 


8 Foroptimum security, select Enabled in the SSL drop-down list for the message transfer port. For 
more information, see Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” 
on page 643. 


9 Click OK to save the TCP/IP information and return to the main ConsoleOne window. 


ConsoleOne then notifies the POA to restart with message transfer processing enabled. 


Changing the Link Protocol between a Domain and its Post Offices to TCP/IP 
1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


E FE a 2] a & hic wy PProvo1 (Primary) E [iimm] [M 
Domain: Provo1 

‘Outbound Links from Provot 

rDirect 

$% Provo2 

$% Provo3 


Indirect: 
°$ Provo4 (Provo3) 


Gateway Undefined 


rDirect 
$% Provo2 
%, Provo3 


rindirect 
°$ Provo4 (Provo2) 


2 Inthe drop-down list, select the domain where you want TCP/IP links to post offices. 
3 Click View > Post Office Links to display post office links. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 


EEK) 
File Edit Search View Window Help 
| ai 5| Kdl Q = LI F Provo1 (Primary) = in| 


Post Office Links for Provo1 


Post Office Links for Provo1 E 
Post Office 


jbd.provo.novell.com:1677,7101 
172.16.5.18:1677,7101 


Legal 


4 Double-click a Post Office object. 
5 Inthe Protocol field, select TCP/IP. 
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Edit Post Office Link 


Post Office: 


Protocol: 
Post Office Agent: 
IP Address: 


Client/Server Port: 


Development 


TCPAP 


POA 


ibd-0es.provo novell.com : 7101 Z 


1677 


Maximum send message size: 0 4 MBytes: 


Cancel 


Help 


6 Make sure the information displayed in the Edit Post Office Link dialog box matches the 
information provided in the Edit Network Address dialog box in “Configuring the Agents for 
TCP/IP” on page 637. 


7 Click OK. 


8 Repeat Step 4 through Step 7 for each post office in the domain where you want to use TCP/IP 


links. 


9 To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the MTA and POAs to restart using the new link protocol. 


For a sample message flow for this configuration, see “TCP/IP Link Open: Transfer between Post 


Offices Successful” in “Message Delivery to a Different Post Office” in GroupWise 2012 Troubleshooting 
3: Message Flow and Directory Structure. 


Using Mapped or UNC Links between a Domain and its Post Offices 


To change from a TCP/IP link to a mapped or UNC link between a domain and its post offices: 


Click OK. 
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In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


Repeat Step 4 through Step 7 for each post office in the domain. 


In the drop-down list, select the domain where the post offices reside. 
Click View Post Office Links to display post office links. 

Double-click a Post Office object. 
In the Protocol field, select Mapped or UNC. 


Provide the location of the post office in the format appropriate to the selected protocol. 


To exit the Link Configuration tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the POA and MTA to restart using the new link protocol. 


Binding the MTA to a Specific IP Address 


If the MTA runs on a server that has multiple IP addresses, you can cause the MTA to bind to a 


specific IP address. The specified IP address is associated with all ports used by the MTA. Without an 


exclusive bind, the MTA binds to all IP addresses available on the server. 


1 In ConsoleOne, expand the Domain object to display the MTA object in the post office. 
2 Right-click the MTA object, then click Properties. 
3 Click GroupWise > Network Address to display the Network Address page. 
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42.1.6 


42.1.7 


4 


5 


If the TCP/IP Address field does not yet display the IP address you want the MTA to use: 


4a Click the pencil icon for the TCP/IP Address field to display the Edit Network Address 
dialog box. 


4b Specify the IP address for the MTA, then click OK. 
Select Bind Exclusively to TCP/IP Address, then click OK to save the IP address setting. 


Corresponding Startup Switches: You can also use the --ip switch in the MTA startup file to bind the 
MTA to a specific IP address. 


Moving the MTA to a Different Server 


As your GroupWise system grows and evolves, you might need to move an MTA from one server to 
another. For example, you might decide to run the MTA on a different platform, or perhaps you want 
to move it to a server that has more disk space for the mslocal directory. 


1 
2 


Stop the existing MTA. 


Copy the entire mslocal subdirectory structure to wherever you want it on the new server. It 
might contain messages that have not yet been delivered. 


When moving the MTA, pay special attention to the following details: 


+ Inthe MTA startup file, set the --work switch to the location of the mslocal directory on the 
new server. 


¢ If the original MTA was configured for TCP/IP links between domains, you must 
reconfigure the MTA object with the IP address and port number for the MTA on the new 
server. See “Using TCP/IP Links between Domains” on page 632. 


Install the MTA on the new server. See “Installing GroupWise Agents” in the GroupWise 2012 
Installation Guide. 


Start the new MTA, as described in the following sections in the GroupWise 2012 Installation 
Guide: 


¢ “Starting the Linux Agents with a User Interface” 
+ “Starting the Windows GroupWise Agents” 


Observe the new MTA to see that it is running smoothly. See Chapter 43, “Monitoring the MTA,” 
on page 659. 


If you are no longer using the old server for any GroupWise agents, you can remove the agents 
to reclaim the disk space, as described in the following sections in the GroupWise 2012 Installation 
Guide: 

¢ “Uninstalling the Linux GroupWise Agents” 

+ “Uninstalling the Windows GroupWise Agents” 


Adjusting the MTA for a New Location of a Domain or Post Office 


The MTA configuration must be adjusted if you make the following changes to your GroupWise 
system configuration: 


+ 


+ 


“New Domain Location” on page 641 


“New Post Office Location” on page 641 
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New Domain Location 


If you move a domain from one server to another, you need to edit the MTA startup file to provide 
the new location of the domain directory. 

1 Stop the MTA for the old domain location if it is still running. 

2 Use an ASCII text editor to edit the MTA startup file. 


Windows: Only the first 8 characters of the domain name are used in the file name. The startup file is 
typically located in the directory where the MTA software is installed. 


Linux: The full domain name is used in the file name. However, all letters are lowercase and any 
spaces in the domain name are removed. The startup file is located in the /opt/novel1/ 
groupwise/agents/share directory. 


3 Adjust the setting of the --home switch to point to the new location of the domain directory. 
4 Save the MTA startup file. 


5 Start the MTA for the new domain location, as described in the following sections in the 
GroupWise 2012 Installation Guide: 


¢ “Starting the Linux Agents with a User Interface” 


¢ “Starting the Windows GroupWise Agents” 


New Post Office Location 
If you move a post office, you need to adjust the link information for that post office. 


1 Click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the domain where a post office has moved. 
Click View > Post Office Links to display post office links. 

Double-click the post office that has been moved. 

Provide its new location in the appropriate format. 

Click OK. 

Click File > Exit > Yes to save the link changes. 
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ConsoleOne then notifies the MTA to restart with the new link configuration. 


42.1.8 Adjusting the MTA Logging Level and Other Log Settings 


When you are installing or troubleshooting the MTA, a logging level of Verbose can be useful. 
However, when the MTA is running smoothly, you can set the logging level down to Normal to 
conserve disk space occupied by log files. See Section 43.3, “Using MTA Log Files,” on page 677. 
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42.2 Configuring User Access through the Domain 


Although users do not access the domain as they use the GroupWise client, their messages often pass 
through domains while traveling from one post office to another. 


+ Section 42.2.1, “Restricting Message Size between Domains,” on page 642 
+ Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” on page 643 
+ Section 42.2.3, “Enabling Exchange Address Book Synchronization,” on page 645 


42.2.1 Restricting Message Size between Domains 


You can configure the MTA to restrict the size of messages that users are permitted to send outside 
the domain. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 


KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 DER) 
File Edit Search View Window Help 

| ME | S 
Domain: Provo1 
Outbound Links from Provot 
r Direct 
%, Provo2 
%, Provo3 


R| Foor cman =] BI 


Indirect: 
‘1 Provo4 (Provo3) 


r Gateway Undefined 


rDirect 


ES Provo2 °$ Provos (Provo2) 
$% Provo3 


rindirect 


2 Double-click the domain where you want to restrict message size. 


Edit Domain Link 
Description: How Provof connects to Provo3 
Link Type: Pret z] A 
Settings Help 
Protocot = [Tori >] 


IP Address: |ibd-Inx.provo.novell.com : 7100 


Z Scheduling... 
T Override 


Maximum send message size: 0 + MBytes 
Delay message size: 0 4 MBytes 


Transfer Pull Info... External Link Info... 


3 Inthe Maximum Send Message Size field, specify in megabytes the size of the largest message you 
want users to be able to send outside the post office. 


IMPORTANT: If you have also set a message size limit for your GWIAs, as described in 


Section 54.1.2, “Creating a Class of Service,” on page 788, make sure that the MTA message size 
limit is equal to or greater than the GWIA message size limit. 
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4 (Conditional) If you want to delay large messages, specify the size in megabytes for message 
files the MTA can process immediately in the Delay Message Size field. 


If a message file exceeds the delay message size, the message file is moved into the low priority 
(6) message queue, where only one MTA thread is allocated to process very large messages. This 
arrangement allows typical messages to be processed promptly, while delaying large messages 
that exceed the specified size. The result is that large messages do not slow down processing of 
typical messages. Message size restrictions override message priority, meaning that even high 
priority messages are delayed if they exceed the size restrictions. 


5 Click OK. 
To exit the Link Configuration Tool and save your changes, click File > Exit > Yes. 


ConsoleOne then notifies the MTA to restart using the new message size limits. 


If a user’s message is not sent out of the domain because of this restriction, the user receives an email 
message providing the following information: 


Delivery disallowed - Transfer limit is nn MB 
However, the message is delivered to recipients in the sender’s own domain. 


There are additional ways to restrict the size of messages that users can send, as described in 
Section 12.3.5, “Restricting the Size of Messages That Users Can Send,” on page 201. 


Securing the Domain with SSL Connections to the MTA 


Secure Sockets Layer (SSL) ensures secure communication between the MTA and other programs by 
encrypting the complete communication flow between the programs. For background information 
about SSL and how to set it up on your system, see Section 83.2, “Server Certificates and SSL 
Encryption,” on page 1107. 


To configure the MTA to use SSL: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of MTA 


GroupWise ~ | NDS Rights ~ | Other | Rights to Files and Folders | 
Network Address 


TCPAP Address: [172.16.5.18 
IPX/SPX Address: | 


I Bind Exclusively to TCPAP Address 


Port SSL 
Message Transfer: 7100 5 Disabled x | 


HTTP: 7180 $| [Disabled »] 


Page Options... Cancel Apply 
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3 Touse SSL connections between the MTA and the POAs for its post offices, which provides 
optimum security, select Enabled in the Message Transfer SSL drop-down list. 


The MTA mustuse a TCP/IP connection to each POA in order to enable SSL for the connection. 
See “Using TCP/IP Links between a Domain and its Post Offices” on page 637. 


Each POA must also have SSL enabled for the connection to be secure. See Section 36.3.3, 
“Securing the Post Office with SSL Connections to the POA,” on page 508. 


4 Touse SSL connections between the MTA and the MTA Web console displayed in your Web 
browser, which provides optimum security, select Enabled in the HTTP SSL drop-down list. 
To set up the MTA Web console, see Section 43.2.1, “Setting Up the MTA Web Console,” on 
page 669. 

5 Click Apply to save the settings on the Network Address page. 


You are prompted the supply the SSL certificate and key files. The key file must be password 
protected in order for SSL to function correctly. 


6 Click Yes to display the SSL Settings page. 


Properties of MTA 


GroupWise + | NDS Rights ~ | Other | Rights to Files and Folders 
SSL Settings 


Certificate file: 


SSL key file: 


Set Password 


Page Options... | Cancel | 


For background information about certificate files and SSL key files, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


By default, the MTA looks for the certificate file and SSL key file in the same directory where the 
MTA executable is located, unless you provide a full path name. 


7 Inthe Certificate File field, browse to and select the public certificate file provided to you by your 
CA. 


8 Inthe SSL Key File field: 
8a Browse to and select your private key file. 
8b Click Set Password. 
8c Provide the password that was used to encrypt the private key file when it was created. 
8d Click Set Password. 
9 Click OK to save the SSL settings. 


ConsoleOne then notifies the MTA to restart using the new message size limits. 
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Corresponding Startup Switches: You can also use the --certfile, --keyfile, --keypassword, --httpssl, 
and --msgtranssl switches in the MTA startup file to configure the MTA to use SSL. 


MTA Web Console: You can list which connections the MTA is using SSL for from the Links page. 
Click View TCP/IP Connections to display the list if TCP/IP links. 


42.2.3 Enabling Exchange Address Book Synchronization 


Starting in GroupWise 2012 SP2, the MTA can perform address book synchronization between 
GroupWise and Exchange. 


Exchange address book synchronization requires its own license. If you enable Exchange address 
book synchronization, your GroupWise system might be subject to additional licensing fees. 

We invite you to contact your Novell representative, reseller, or partner to learn more about this 
feature or for pricing and licensing information. 


For setup instructions, see the GroupWise/Exchange Coexistence Guide. 


42.3 Configuring Specialized Routing 


As you create each new domain in your GroupWise system, you link it to another domain. You can 
view and modify the links between domains using the Link Configuration Tool. See Chapter 10, 
“Managing the Links between Domains and Post Offices,” on page 155. The following topics help 
you configure the MTA to customize routing through your GroupWise system: 


¢ Section 42.3.1, “Using Routing Domains,” on page 645 


+ Section 42.3.2, “Scheduling Direct Domain Links,” on page 647 
+ Section 42.3.3, “Using a Transfer Pull Configuration (Windows Only),” on page 650 


42.3.1 Using Routing Domains 


As an alternative to configuring individual links between individual domains throughout your 
GroupWise system, you can establish a system of one or more routing domains under the following 
circumstances. 


+ Domains must connect to the routing domains with TCP/IP links. 


+ GroupWise 5.5 and later domains can be part of the routing domain system. Domains and MTAs 
that are still at a 5.2 or earlier version cannot participate and must use links as provided in the 
Link Configuration Tool. 


A routing domain can serve as a hub in the following situations: 


+ Messages that are otherwise undeliverable can be automatically sent to a single routing domain. 
This routing domain can be set up to perform DNS lookups and route messages out across the 
Internet. See “Using Dynamic Internet Links” in “Connecting to Other GroupWise Systems” in 
the GroupWise 2012 Multi-System Administration Guide. 


+ All messages from a domain can be automatically routed through another domain, regardless of 
the final destination of the messages. This provides additional control of message flow through 
your GroupWise system. 
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You can set up routing domains on two levels: 


+ “Selecting a System Default Routing Domain” on page 646 


+ “Selecting a Specific Routing Domain for an Individual Domain” on page 646 


Selecting a System Default Routing Domain 


You can establish a single default routing domain for your entire GroupWise system. This provides a 
centralized routing point for all messages. It takes precedence over specific links established when 
domains were created or links modified with the Link Configuration Tool. 


To set up a system default routing domain: 


1 In ConsoleOne, click Tools > Group Wise System Operations > System Preferences > Routing Options to 
display the Routing Options tab. 


GroupWise System Preferences 


Default Password j ut Settings Archive Service Settings 
Admin Preferences |; Routing Options /| External Access Rights | Nickname Settings 


Default Routing Domain: 


w Ca] 


MTAs send directly to other Groupwise systems 


2 Inthe Default Routing Domain field, browse to and select the domain you want to serve as the 
default routing domain for your entire GroupWise system. 


3 If you wantall GroupWise messages to pass through the default routing domain regardless of 
the destination of the message, select Force All Messages to This Domain. 


Or 


If you want only undeliverable Group Wise messages to be routed to the default routing domain, 
deselect Force All Messages to This Domain. 


If you do not force all messages to the system default routing domain, then you have the option 
of allowing selected MTAs to provide routing domain services in addition to the system default 
routing domain. 


4 Select MTAs Send Directly to Other GroupWise Systems if you want all MTAs in your GroupWise 
system to perform DNS lookups and route messages out across the Internet. 


or 


Deselect MTAs Send Directly to Other GroupWise Systems if you want to individually designate 
which MTAs should perform eDirectory lookups and route messages out across the Internet. 


5 Click OK to save the routing options you have specified for the system default routing domain. 


Selecting a Specific Routing Domain for an Individual Domain 


As long as you are not forcing all messages to the system default routing domain, you can override 
the system default routing information for an individual domain. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Routing Options to display the Routing Options page. 
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Properties of MTA 
GroupWise ~ | NDS Rights + | Other | Rights to Files and Folders | 
Routing Options 


Override Default Routing Domain 
| ® 


Defined at: Corporate Mail 


r 
Defined at: Corporate Mail 


[T Allow MTA to send directly to other GroupWise systems 
Defined at: Corporate Mail 


Page Options... OK | Cancel | Apply | Help | 


System default routing information displays if it has been set up. See “Selecting a System 
Default Routing Domain” on page 646. 


3 Select Override next to the default information you want to change for the selected domain. 
4 Set the routing options as needed for the selected domain. 
5 Click OK to save the specialized routing information for the selected domain. 
ConsoleOne then notifies the MTA to restart so the routing information can be put into effect. 


MTA Web Console: You can check routing information on the Configuration page under the General 
Settings heading. 


42.3.2 Scheduling Direct Domain Links 


When domains link across an expensive medium such as long-distance phone lines, you can reduce 
the cost of the link by controlling when it is open. You can choose to have some types of messages 
wait in the message queues for the lowest phone rate. You can collect messages in the message 
queues until a specified time or size limit is reached, then open the link, rather than opening the link 
for each message as it arrives in the queue. You can design as many link profiles as you need, to 
schedule the transfer of various types of GroupWise messages in the most efficient and cost-effective 
manner. 


To create a schedule for a link between domains: 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration. 
2 In the drop-down list, select the domain to schedule a link for. 


3 Click View > Domain Links to display domain links. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\provo1 
File Edit Search View Window Help 


EHTE = [uu 


Domain: Provo1 
Outbound Links from Provot 
rDirect Indirect: Gateway: Undefined 
gS Provo2 °$ Provo4 (Provo3) 
% Provo3 


pindirect: 
°$ Provo4 (Provo2) 


4 Double-click the domain you want to create a link schedule for. 
Only direct links can be scheduled. 


KS Edit Domain Link 


Description: How Provo1 connects to Provo3 
Link Type: Direct = ] 
- Settings 
Protocol: fie PP © 
P Address: [ibd-inx provo.novell.com : 7100 7 


I Override 


Maximum send message size: 0 4 MBytes: 
Delay message size: 0 3 MBytes: 


Transfer Pull Info... External Link Info... 


5 Click Scheduling. 


Link Schedule 


Tuesday 
Wednesday 
Thursday 
Friday 
_ *Default 
E Other profiles 
Wi current profiles 


Create... 


Edit 


Default. 
FE 


Delete 


The link schedule grid displays the current schedule for the selected direct link. The grid 
consists of half-hour time slots showing the link profile assigned to each time slot. Available link 
profiles are listed below the link schedule grid. 
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Each link profile defines the following values to set the conditions under which the link opens: 
+ Which message queues to monitor 
* Maximum wait time for any message in any monitored gueue 
+ Maximum number of waiting messages allowed in all monitored queues 
+ Maximum total size of waiting messages allowed in all monitored queues 


The default profile shows as white in the link schedule grid. The default profile is in effect at all 
times when no other profile has been selected. Any other defined profiles show as gray. The 
currently selected link profile shows as green. 


To create a new link profile, click Create. 

or 

To edit an existing link profile, select it in the profile list, then click Edit. 
or 

To edit the default link profile, click Default. 


Create Profile 


Time threshold (minutes) 


Description: 


[ET 


Queue 0: 0 
Cancel 


Queue 1: 0 


Help 
Queue 2: 0 


Queue 3: 0 


Queue 4: 


Queue 5: 


Thresholds for queues 0-7 


0 = Messages Pueus E 
0 = KBytes Queue 7: 


Le Lao Lab ja» Lab lel lal 


If you are creating a new link profile, provide a unique name for the link profile in the Name 
field. 


If you are editing an existing link profile, you cannot change the name. 


In the Description field, provide whatever additional information is necessary to describe the 
purpose of the link profile. 


Use the scroll bar in the Time Threshold box to select which queues to monitor and process when 
this link profile is in effect. 


Queue Purpose 


0 Busy Search requests 

1 Reguests from GroupWise Remote users 

2 High priority user messages; administrative messages 
3 High priority status messages 

4 Normal priority user messages 

5 Normal priority status messages 

6 Low priority user messages 


7 Low priority status messages 
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The contents of deselected gueues are not monitored but are processed when the link opens. 


10 Foreach selected gueue, specify the maximum number of minutes a message must wait in each 
gueue before the link opens. 


If you want the link to open immediately when a message arrives in the gueue, specify 0 (zero). 


11 Inthe Messages field, specify the total number of messages waiting in all selected gueues that 
will trigger the link to open. 


12 Inthe KBytes field, specify the total size in kilobytes of all messages waiting in all selected 
queues that will trigger the link to open. 


13 Click OK to save the link profile and return to the Link Scheduling dialog box. 
14 Selectthe new or modified link profile in the profile list. 
15 Click atime slot or drag to select a range of time slots. 
Time slots assigned to the selected link profile display as green. 
16 Select all the time slots you want governed by the selected link profile. 
17 Select a different link profile to assign to time slots. 
or 
Create or edit another link profile. 
or 
Click OK to save the schedule for the current link. 
18 When the schedule is saved, click OK to close the Edit Domain Link dialog box. 
19 To exit the Link Configuration Tool, click File > Exit > Yes. 


ConsoleOne then notifies the MTA to restart using the new link schedule. 


Using a Transfer Pull Configuration (Windows Only) 


Typically for a mapped or UNC link, the MTA for the sending domain writes (or “pushes”) message 
files into the input queue subdirectories of the receiving domain. However, it is possible to change 
this configuration so the MTA for the receiving domain picks up (or “pulls”) message files from the 
sending domain. 


The transfer pull directory is a location in the sending domain where the MTA for the receiving 
domain can pick up message files (that is, “pull” them from the sending domain). It represents the 
only configuration where an MTA processes messages outside its own domain directory structure. 


NOTE: The transfer pull configuration does not apply to the Linux MTA because the Linux MTA 
does not use mapped or UNC links. 


To set up a transfer pull configuration between domains: 


1 Manually create a transfer directory with input queue subdirectories from which outgoing 
message files are pulled. 


The transfer directory must contain a wpcsin subdirectory, with standard priority 0 through 7 
subdirectories beneath. The transfer directory must be placed where both the sending and 
receiving MTAs have rights. 


2 In ConsoleOne, modify the outgoing link from the sending domain so the MTA for the sending 
domain writes message files to the transfer directory, rather than directly to the receiving 
domain. See “Modifying the Outgoing Transfer Pull Link” on page 651. 
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In ConsoleOne, modify the incoming link to the receiving domain so the MTA for the receiving 
domain actively pulls message files from the transfer directory, rather than waiting for them to 
be delivered. See “Modifying the Incoming Transfer Pull Link” on page 651. 


Stop and restart the MTAs for both domains. 


Modifying the Outgoing Transfer Pull Link 


1 
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In ConsoleOne, connect to the sending domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


Click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the sending domain. 

Click View > Domain Links to view outbound and inbound links for the sending domain. 

In the Outbound Links from sending domain name list box, double-click the receiving domain. 
If you are using a UNC path, click Override to display the Path field. 


In the Path or UNC Override field (depending on the selected protocol), specify the full path to 
the transfer directory you created. 


You can use a UNC path or a mapped drive path for the Windows MTA. 


8 Click OK. 


9 Click File > Exit > Yes to save the link changes for the sending domain and return to the main 


10 


ConsoleOne window. 


Continue with “Modifying the Incoming Transfer Pull Link” on page 651. 


Modifying the Incoming Transfer Pull Link 


1 
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In ConsoleOne, connect to the receiving domain. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


Click Tools > GroupWise Utilities > Link Configuration. 

In the drop-down list, select the receiving domain. 

Click View Domain Links to view outbound and inbound links for the receiving domain. 

In the Outbound Links from receiving domain. name list box, double-click the sending domain. 
Verify that the information displayed in the Edit Domain Link dialog box is correct. 

Click Transfer Pull Info. 

Specify the full path to the transfer directory you created. 

You can use a UNC path or a mapped drive path for the Windows MTA. 


Specify the number of seconds after which the MTA checks the transfer directory for message 
files to pull. 


Specify the command needed to reestablish the connection with the transfer directory, if that 
connection should be broken for any reason. 


Click OK until you return to the Link Configuration dialog box. 


Click File > Exit > Yes to save the link changes for the receiving domain and return to the main 
ConsoleOne window. 


Stop and restart the MTAs for both domains. 
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42.4.1 


Configuring Domain Maintenance 


You can configure the MTA to synchronize user information in the GroupWise Address Book with 
user information in eDirectory. You can also configure it to gather information about all messages 
that pass through the domain for tracking purposes. 

+ Section 42.4.1, “Using eDirectory User Synchronization,” on page 652 

+ Section 42.4.2, “Enabling MTA Message Logging,” on page 657 


Using eDirectory User Synchronization 


As long as GroupWise administration is performed with the GroupWise Administrator snap-in to 
ConsoleOne running, user information is automatically synchronized between GroupWise and 
eDirectory. However, three situations can cause this automatic synchronization to be insufficient: 


+ An administrator modifies user information in ConsoleOne without having the GroupWise 
Administrator snap-in running. 

+ The user information was changed using Novell iManager. 

¢ The user information was changed using Novell eGuide and the GroupWise Identity Manager 


driver is not in use 


In these situations, user information in eDirectory no longer matches corresponding user information 
in GroupWise. (User objects are the only GroupWise objects that can be modified without the 
GroupWise Administrator snap-in running. Modification of all other GroupWise objects requires the 
presence of the GroupWise Administrator snap-in.) 


This section covers the following aspects of eDirectory user synchronization: 


+ “Enabling eDirectory User Synchronization” on page 652 
¢ “Assigning an eDirectory-Enabled MTA to Synchronize Other Domains” on page 655 


¢ “Scheduling eDirectory User Synchronization” on page 656 


Enabling eDirectory User Synchronization 


By default, eDirectory user synchronization is disabled. The MTA still performs all its other 
functions, but any changes made to user information in eDirectory without the GroupWise 
Administrator snap-in running do not appear in GroupWise until eDirectory user synchronization 
has been performed. 


Although all MTAs can be enabled to perform eDirectory user synchronization, the minimum 
requirement is that at least one MTA be configured that way. If your GroupWise system spans 
multiple trees, at least one MTA in each tree must be configured to perform eDirectory user 

synchronization. The MTA server should have a local eDirectory replica for the MTA to access. 


1 In ConsoleOne, click Tools > GroupWise System Operations > eDirectory User Synchronization to 
display the eDirectory User Synchronization Configuration dialog box. 
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KS eDirectory User Synchronization Configuration 


Domains: 


Synchronized By 
y MTA Provoi GroupWise 
MTA Provo2.GroupWise Disabled 
MTA Provo3.GroupWise Disabled 
MTA Provod .GroupWise Disabled 


Change Assignment... 


The eDirectory User Synchronization Configuration dialog box lists all domains in your 
GroupWise system, the MTA currently assigned to provide eDirectory user synchronization for 
each domain, and the current status of that agent's ability to perform eDirectory user 
synchronization. 


2 Click Configure Agents. 


KS Configure Agents 


For an agent to be able to perform eDirectory user synchronization, it must both be 
enabled and be able to access eDirectory. Select an agent and use the buttons below 
to change these settings. 


Agents: 
eDirectory Access 
MTA Provol GroupWise Enabled 
MTA Provo2.Groupise Disabled 
MTA Provo3.GroupWWise Disabled 
MTA Provo4 GroupWise Disabled 


Set Up eDirectory A Sets the necessary properties and rights to allow the 


selected agents to authenticate to eDirectory. If an 
agent is reporting that it cannot access eDirectory, you 
should run Set Up eDirectory Access and restart the 
agent. 


3 Select an MTA that you want to perform eDirectory user synchronization. 
4 If the eDirectory Access column for the MTA displays Yes, click Enable. 
or 
If the eDirectory Access column for the MTA displays No: 
4a Click Set Up eDirectory Access. 
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GroupWise Administrator Agent Access Control 


Available LDAP Servers 


Set Preferred 


LDAP Provo1 Development 
LDAP Provo1 Teaming 
LDAP Provo2 Sales 

LDAP Provo3 Marketing 


LDAP User Name: 


LDAP Password: Set Password 


LDAP Group: 


OK Cancel Help 


4b Fill in the following fields: 


Available LDAP Servers: Select the LDAP server that you want the MTA to log into in 
order to gain access to eDirectory, then click Set Preferred. 


LDAP User Name: Browse to and select the user that the MTA can use to log in as. The 
selected user must have rights to browse properties of User objects. 


Click Set Password, provide the password associated with the user selected above, then click 
Set Password. 


LDAP Group: Browse to and select the LDAP Group object for the server where the MTA 
runs. The LDAP Group object provides a table of attribute mappings between eDirectory 
and LDAP that the MTA needs in order to perform eDirectory user synchronization. 


4c Click OK to save the LDAP information. 
The eDirectory Access column for that MTA should now display Yes so that you can enable it. 


5 If your GroupWise system spans multiple trees, repeat Step 3 through Step 4 as needed to enable 
eDirectory user synchronization for at least one MTA in each tree. 


6 Click OK to return to the eDirectory User Synchronization Configuration dialog box. 


Each domain for which you have configured the MTA for eDirectory user synchronization 
should now display Enabled in the Status column. 


eDirectory User Synchronization Configuration 


Domains: 

Domain Synchronized By 
Provot MTA Provo GroupWise Enabled 
Provo2 MTA Provo2.Groupise Disabled 
Provo3 MTA Provo3.GroupWise Disabled 
Provod MTA Provo4.GroupWise Disabled 


7 If all domains are now enabled, click OK to return to main ConsoleOne window, then continue 
with “Scheduling eDirectory User Synchronization” on page 656. 
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Or 


If some domains are still disabled, continue with “Assigning an eDirectory-Enabled MTA to 


Synchronize Other Domains” on page 655. 


Assigning an eDirectory-Enabled MTA to Synchronize Other Domains 


After at least one MTA is performing eDirectory user synchronization, other MTAs not performing 
eDirectory user synchronization themselves can have an eDirectory-enabled MTA gather the 


eDirectory information for them. 


In the eDirectory User Synchronization Configuration dialog box, 


1 Click a domain that still displays Disabled in the Status column. 


eDirectory User Synchronization Configuration 


Domains: 
Domain 


Synchronized By 


Provo1 
Provo2 
Provo3 
Provo4 


MTA Provo1 .GroupWise 
MTA Provo2.GroupWise 
MTA Provo3.GroupWise 
MTA Provo4.GroupWise 


Enabled 

Disabled 
Disabled 
Disabled 


2 Selectan MTA, then click Change Assignment. 


KS select Synchronization Agent 


Available Agents: 
Agent 


State 


eDirectory Access 


MTA Provo1 GroupWise 


Note: This list contains only those agents that are currently able to perform 
eDirectory user synchronization. 


Enabled 


3 Selectthe MTA you want to perform eDirectory user synchronization for the selected domain, 
then click OK. 


The domain should now display Enabled in the Status column of the eDirectory User 


Synchronization Configuration dialog box. 


4 Repeat Step 1 through Step 3 until all domains in your GroupWise system are enabled for 
eDirectory user synchronization. 


5 Click OK to return to the main ConsoleOne window. 
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Scheduling eDirectory User Synchronization 


By default, one eDirectory user synchronization event is scheduled at 1:00 a.m. daily for each MTA 
where eDirectory user synchronization is enabled. 


You can edit the default event, or you can create one or more additional eDirectory user 
synchronization events to perform eDirectory user synchronization more freguently. 


To schedule an eDirectory user synchronization event: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Scheduled Events to display the Scheduled Events page. 


Properties of MTA 
NDS Rights + | Other | Rights to Files and Folders | 


Scheduled events used by this agent: 
V] Default eDirectory User Synchronization Event 


The Scheduled Events page lists a pool of MTA events available to all MTAs in your GroupWise 
system if any events have already been created. 


3 Select the default event, then click Edit. 
or 


Click Create, then type a name for the event. 


Create Scheduled Event 


Name: [ 


Event Type: [eDirectory User Synchronization 


Trigger 


G Weekday Weekday: [Sunday 


C Daily Time: 12:00 PM 
Cancel Help 


The name can include as many as 128 characters. 
4 Set Type to eDirectory User Synchronization. 


5 Inthe Trigger box, specify when you want the eDirectory user synchronization event to take 
place. 
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You can have the synchronization event take place once a week, once a day, or at any other 
regular interval, at whatever time you choose. 


6 Specify the time of day when you want eDirectory user synchronization to take place. 


7 Click OK twice to close the scheduled event dialog boxes and save the eDirectory user 
synchronization event. 


ConsoleOne then notifies the MTA to restart so the eDirectory user synchronization event can be 
put into effect. 


Enabling MTA Message Logging 


Message logging is turned off by default, because it causes the MTA to use additional CPU and disk 
resources. However, gathering information about message traffic on your GroupWise system lets you 
perform many valuable tasks, including: 

+ Tracking messages 

+ Gathering statistics to help optimize your GroupWise system 

+ Billing customers for messages delivered 

+ Tracking messages from the MTA Web console and from GroupWise Monitor 
When you enable MTA message logging, the MTA stores data about GroupWise message traffic as it 
processes messages. The stored data is then available for use by the MTA Web console Message 
Tracking feature and by the Group Wise Monitor Message Tracking Report option. In addition, third- 


party programs can produce customized billing, tracking, and statistical reports based on the 
information stored in the database. 


To enable MTA message logging: 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Message Log Settings. 


Properties of MTA 


GroupWise + | NDS Rights + | Other | Rights to Files and Folders | 
Message Log Settings 


Message Logging Level: 


3 Inthe Message Logging field, select a logging level to turn message logging on. 


4 Inthe Message Log Path field, specify the full path of the file where the MTA will record the 
logging information. 


Configuring the MTA 657 


658 


5 Select the types of information you want to track: 


Correlate Delivery Status Reports: Select this option to maintain the relationship between user 
messages and their corresponding delivery status reports in the logged information. 


Collect Delivery Status Reports: Select this option to log delivery status reports as well as user 
messages. 


Collect Other Status Reports: Select this option to log user-requested information about 
messages sent, such as indicating that messages have been opened or deleted by the recipients. 


Track Administrative Messages: Select this option to log administrative messages such as 
database updates. 


In the Delete Reports After field, specify the number of days to retain reports on disk. Reports are 
automatically deleted after the specified time has passed. 


Click OK to save the MTA message log settings. 
ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 


For instructions about using the data that the MTA collects, see “Tracking Messages” on 
page 675 and Section 71.3.7, “Message Tracking Report,” on page 987. 


Corresponding Startup Switches: You can also use the --messagelogsettings, --messagelogpath, 
--messagelogdays, and --messagelogmaxsize switches in the MTA startup file to configure MTA 
message logging. 


GroupWise 2012 Administration Guide 


43.1 


43.1.1 


Monitoring the MTA 


By monitoring the MTA, you can determine whether or not its current configuration is meeting the 
needs of your GroupWise system. You have a variety of resources to help you monitor the operation 
of the MTA: 

+ Section 43.1, “Using the MTA Server Console,” on page 659 

+ Section 43.2, “Using the MTA Web Console,” on page 669 

+ Section 43.3, “Using MTA Log Files,” on page 677 

+ Section 43.4, “Using GroupWise Monitor,” on page 678 

+ Section 43.5, “Using Novell Remote Manager,” on page 679 

+ Section 43.6, “Using an SNMP Management Console,” on page 679 

+ Section 43.7, “Notifying the Domain Administrator,” on page 682 

+ Section 43.8, “Using the MTA Error Message Documentation,” on page 683 

+ Section 43.9, “Employing MTA Troubleshooting Techniques,” on page 683 

+ Section 43.10, “Using Platform-Specific MTA Monitoring Tools,” on page 683 

+ Section 43.11, “Using MTA Message Logging,” on page 683 


Using the MTA Server Console 


The following topics help you monitor and control the MTA from the MTA server console: 


+ Section 43.1.1, “Monitoring the MTA from the MTA Server Console,” on page 659 
+ Section 43.1.2, “Controlling the MTA from the MTA Server Console,” on page 662 


Monitoring the MTA from the MTA Server Console 


The MTA server console provides information, status, and message statistics about the MTA to help 
you assess its current functioning. 
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[E Provoz- crouwisemra SEENTE 


File Configuration Log Help 


Provo2 Up Time: 0 Days 21Hrs 53 Mins 

GroupWise Message Transfer Agent 

r Status Statistics EE 

P A 4 otal inutes 
kost Total Closed | | Routed 37 0 

Domains 4 0 Undeliverable 0 0 

Post Offices 2 0 Errors 0 0 

Gateways 6 1] 


01-22 16:56:39 GWMTA: Unable to register with SNMP agent. SNMP for this agent disabled. A 
01-22 16:56:41 DIS: MTA configuration loaded 
01-23 10:37:16 DIS: MTA restart in progress 
01-23 10:37:25 DIS: MTA restart completed 


Linux: You must use the --show startup switch in order to display the Linux MTA server console. See 
“Starting the Linux Agents with a User Interface” in “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 


Windows: You can suppress the Windows MTA server console by running the Windows MTA as a service. 


See “Starting the Windows GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 
2012 Installation Guide. 


The MTA server console consists of several components: 


+ “MTA Information Box” on page 660 

+ “MTA Status Box” on page 660 

+ “MTA Statistics Box” on page 661 

+ “MTA Alert Box” on page 661 

* “MTA Admin Thread Status Box” on page 662 


Do not exit the MTA server console unless you want to stop the MTA. You can minimize the MTA 
server console, but do not close it unless you want to stop the MTA. 


MTA Information Box 


The MTA Information box identifies the MTA whose MTA server console you are viewing, which is 
especially helpful when multiple MTAs are running on the same server. 


Domain: Displays the name of the domain serviced by this MTA. 


Description: Displays the description provided in the Description field in the MTA Information 
page in ConsoleOne. If multiple administrators work at the server where the MTA runs, the 
description can include a note about who to contact before stopping the MTA. 


Up Time: Displays the length of time the MTA has been running. 
MTA Web Console: The Status page also displays this information. 


MTA Status Box 


The MTA Status box displays the current status of the MTA and its backlog. 
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Processing: Displays a rotating bar when the MTA is running. If the bar is not rotating, the MTA has 
stopped. For assistance, see “Message Transfer Agent Problems” in GroupWise 2012 Troubleshooting 2: 
Solutions to Common Problems. 


Domains: Displays the total number of domains the MTA links to and the number that are currently 
closed. 


Post Offices: Displays the total number of post offices in the domain and the number that are 
currently closed. 


Gateways: Displays the total number of gateways in the domain and the number that are currently 
closed. 


If you have closed domains, post offices, or gateways, see “MTA Status Box Shows a Closed 
Location” in “Message Transfer Agent Problems” in GroupWise 2012 Troubleshooting 2: Solutions to 
Common Problems for assistance. 


MTA Web Console: The Status page also displays this information. In addition, you can display 
detailed information about specific gueue contents. 


MTA Statistics Box 


The MTA Statistics box displays the total statistics for the current up time, and 10-minute statistics for 
all messages the MTA has routed. 


Routed: Displays the number of messages successfully routed to the domains, post offices, and 
gateways serviced by the MTA. 


Undeliverable: Displays the number of messages that could not be delivered to a domain, post 
office, or gateway. For assistance, see “MTA Statistics Box Shows Undeliverable Messages” in 
“Message Transfer Agent Problems” in GroupWise 2012 Troubleshooting 2: Solutions to Common 
Problems. 


Errors: Displays the number of errors the MTA encounters while processing messages in its input 
queues. For assistance, see “MTA Statistics Box Shows Errors” n “Message Transfer Agent Problems” 
in GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


MTA Web Console: The Status page also displays this information. 


MTA Alert Box 


The MTA Alert box displays important messages that could require an administrator’s attention. 


Informational Status Messages 


When you first start the MTA, you typically see a message informing you that the MTA configuration 
has been loaded. 


Error Messages 


If the MTA encounters a problem that disrupts the flow of GroupWise messages, it displays an error 
message in the alert box. For assistance, see “Message Transfer Agent Error Messages” in GroupWise 
2012 Troubleshooting 1: Error Messages. 


MTA Web Console: The Status page also displays this information. In addition, you can view and 
search MTA log files on the Log Files page. 
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MTA Admin Thread Status Box 


The MTA admin thread updates the domain database (wpdomain.db) when domains, post offices, 
users, and other types of object information are added, modified, or removed, and repairs it when 
damage is detected. 


To display the MTA Admin Thread Status box from the MTA server console, click 
Configuration > Admin Status. 


x 
Admin Messages 
Completed: 0 
Errors: 0 
In Queue: 0 
Send Admin Mail = 


= Admin Database- 
Status: Normal 

DB Sort Language: US 
Recovery Count: 0 


Automatic Recovery Vv 


Perform DB Recovery | 


-Admin Thread 
Status: Running 


Cancel Help 


The following tasks pertain specifically to the MTA admin thread: 


+ “Suspending/Resuming the MTA Admin Thread” on page 665 

+ “Displaying MTA Admin Thread Status” on page 666 

+ “Recovering the Domain Database Automatically or Immediately” on page 667 
MTA Web Console: You can display MTA admin thread status on the Configuration page. Under the 
General Settings heading, click Admin Task Processing. If the MTA Web console is password protected, 


as described in Section 43.2.1, “Setting Up the MTA Web Console,” on page 669, you can change the 
admin settings for the current MTA session. 


Controlling the MTA from the MTA Server Console 


You can perform the following tasks to monitor and control the MTA from the MTA server console at 
the server where the MTA is running: 

+ “Stopping the MTA” on page 663 

+ “Restarting the MTA” on page 664 

+ “Suspending/Resuming MTA Processing for a Location” on page 664 

+ “Suspending/Resuming the MTA Admin Thread” on page 665 

¢ “Displaying the MTA Software Date” on page 665 

+ “Displaying the Current MTA Settings” on page 665 

+ “Displaying MTA Status Information” on page 665 

+ “Displaying MTA Admin Thread Status” on page 666 

+ “Recovering the Domain Database Automatically or Immediately” on page 667 

+ “Browsing the Current MTA Log File” on page 668 

+ “Viewing a Selected MTA Log File” on page 668 
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+ “Cycling the MTA Log File” on page 668 

+ “Adjusting MTA Log Settings” on page 669 

+ “Editing the MTA Startup File” on page 669 

+ “Accessing Online Help for the MTA” on page 669 


Stopping the MTA 


You might need to stop and restart the MTA for the following reasons: 


+ Updating the agent software 
* Troubleshooting message flow problems 
+ Backing up the domain database 


+ Rebuilding the domain database 
To stop the MTA from the MTA server console: 
1 Click File > Exit > Yes. 


Linux: If the Linux MTA does not respond to Exit, follow the instructions in “Stopping the Linux MTA 
When It Is Running as a Daemon” on page 663. 


Windows: If the Windows MTA does not respond to Exit, you can close the MTA server console to stop 
the MTA or use the Task Manager to terminate the MTA task. 


2 Restart the MTA, as described in the following sections in the GroupWise 2012 Installation Guide: 
¢ “Starting the Linux Agents as Daemons” 


+ “Starting the Windows GroupWise Agents” 


Stopping the Linux MTA When It Is Running as a Daemon 


To stop the Linux MTA when it is running in the background as a daemon and you started it using 
the grpwise script: 
1 Make sure you are logged in as root. 
2 Enter the following command: 
rcgrpwise stop 
3 Use the following command to verify that the MTA has stopped: 
rcgrpwise status 
To stop the Linux MTA when it is running in the background as a daemon and you started it 
manually (not using the grpwise script): 
1 Make sure you are logged in as root. 
2 Determine the process IDs (PIDs) of the MTA: 
ps -eaf | grep gwmta 
The PIDs for all gwmta processes are listed. 
You can also obtain this information from the Environment page of the MTA Web console. 
3 Kill the first MTA process listed: 
Syntax: kill PID 
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Example: kill 1483 
It might take a few seconds for all MTA processes to terminate. 
4 Usethe ps command to verify that the MTA has stopped: 
ps -eaf | grep gwmta 
5 (Conditional) If the kill command does not stop the MTA, use the following command: 
Syntax: kill -9 PID 
Example: kill -9 1483 


Restarting the MTA 


Restarting the MTA from the MTA server console causes it to reread the configuration information 
provided in ConsoleOne. However, the MTA does not reread its startup file when you restart it from 
the MTA server console. 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click File > Restart > Yes to restart the MTA. 
If you want the MTA to reread its startup file, you must stop it, then restart it. 


MTA Web Console: If the MTA Web console is password protected, as described in Section 43.2.1, 
“Setting Up the MTA Web Console,” on page 669, you can restart the MTA from the Status page. 
Click Restart MTA in the upper right corner of the page. 


Suspending/Resuming MTA Processing for a Location 


You can cause the MTA to stop processing messages for a location without stopping the MTA 
completely. For example, you could suspend message processing for a post office while backing up 
the post office. 


To suspend the MTA for a location: 
1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Status. 


3 Click the location (or multiple locations) to suspend, then click Suspend. 
Routing of all messages to and from the location remains suspended until you resume processing. 
To resume the MTA for a location: 

1 Atthe server where the MTA is running, display the MTA server console. 

2 Click Configuration > Status. 


3 Click the location (or multiple locations) to resume, then click Resume. 


MTA Web Console: If the MTA Web console is password protected, as described in Section 43.2.1, 
“Setting Up the MTA Web Console,” on page 669, you can suspend and resume processing for a 
specific location on the Links page. Select one or more locations, then click Suspend or Resume as 
needed. 
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Suspending/Resuming the MTA Admin Thread 


You can cause the MTA to stop updating the domain database (wpdomain.db) without stopping the 
MTA completely. For example, you could suspend the MTA admin thread while backing up the 
domain database. 


To suspend the MTA admin thread: 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Suspend. 


The MTA admin thread no longer accesses the domain database until you resume processing. 
To resume the MTA admin thread: 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Resume. 


MTA Web Console: If the MTA Web console is password protected, as described in Section 43.2.1, 
“Setting Up the MTA Web Console,” on page 669, you can suspend and resume the MTA admin 
thread from the Configuration page. Under the General Settings heading, click Admin Task Processing 
> Suspend or Resume > Submit. 


Displaying the MTA Software Date 


It is important to keep the MTA software up-to-date. You can display the date of the MTA software 
from the MTA server console. 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Help > About MTA. 


MTA Web Console: You also check the MTA software date on the Environment page. 


Displaying the Current MTA Settings 


You can list the current configuration settings of the MTA at the MTA server console. 
To display the current MTA settings: 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Agent Settings. 


For information about the MTA settings, see Chapter 45, “Using MTA Startup Switches,” on 
page 693. 


MTA Web Console: You check the current MTA settings on the Configuration page. 


Displaying MTA Status Information 


The MTA server console displays essential information about the functioning of the MTA. More 
detailed information is also available. 


To display detailed MTA configuration information: 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Status to display a list of the locations to which the MTA is connected. 
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The following information is provided: 
Location Name: Displays the name of the location serviced by the MTA. 
Location Type: Indicates whether the location is a domain, post office, or gateway. 


Connection Status: Indicates whether the MTA has been successful in locating and opening the 
database in the location. 


+ Open: The MTA can access the database or communicate with the agent at the location. 
+ Closed: The MTA cannot access the database or communicate with the agent at the location. 


For assistance, see “MTA Configuration Status Isn't Open” in “Message Transfer Agent 
Problems” in GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


+ Suspended: The MTA is not processing messages for the location because it has been 
suspended. See “Suspending/Resuming MTA Processing for a Location” on page 664. 

+ Open Pending: Post offices in the domain are in the process of opening and the MTA is 
clearing its holding gueues. After this is accomplished, the MTA begins processing current 
messages and the status changes to Open. 

Home: Displays the full path to the database that the MTA services in the listed location. For a 
TCP/IP connection, it displays the IP address of the server that the MTA connects to in order to 
service the database. 

Select a location, then click Details to display the above information plus the following additional 
details: 

Hold: Displays the full path to the location of the mslocal directory structure used by the MTA 
to hold messages for closed locations. 

Pull: Displays the transfer pull directory, if any. See Section 42.3.3, “Using a Transfer Pull 
Configuration (Windows Only),” on page 650. 


Version: Provides the version (2012, 8.0/7.0/6.x/5.x/4.x) of the database at the location. 
Last Closed/Opened: Provides the date and time when the location was last closed and opened. 


Last Closure Reason: Indicates why a closed location is closed. To look up last closure reasons, 
see “Message Transfer Agent Error Messages” in GroupWise 2012 Troubleshooting 1: Error 
Messages. 


Messages Written/Read: Provides statistics about throughput since the MTA was last started. 


Applications: Displays the programs the MTA can deliver messages to. Depending on the 
configuration of your GroupWise system, you might see GroupWise agents or GroupWise 4.1 
servers listed. 


TCP/IP: Lists the IP port the MTA listens on. 


MTA Web Console: You can check the current MTA status on the Links page at the MTA Web 
console. Click a direct link to view its message gueues. 


Displaying MTA Admin Thread Status 


Status information for the MTA admin thread is displayed in a separate dialog box, rather than on the 
main MTA server console. 


To display MTA admin thread status information: 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status. 


The following status information is displayed: 


Admin Message Box 
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The Admin Message box provides the following information about the workload of the MTA 
admin thread: 


Completed: Number of administrative message successfully processed. 
Errors: Number of administrative messages not processed because of errors. 
In Oueue: Number of administrative messages waiting in the gueue to be processed. 


Send Admin Mail: Select this option to send a message to the administrator whenever a critical 
error occurs. See Section 43.7, “Notifying the Domain Administrator,” on page 682. 


Admin Database Box 
The Admin Database box provides the following information about the domain database: 
Status: Displays one of the following statuses: 

+ Normal: The MTA admin thread is able to access the domain database normally. 

+ Recovering: The MTA admin thread is recovering the domain database. 


+ DB Error: The MTA admin thread has detected a critical database error. The domain 
database (wpdomain. db) cannot be recovered. Rebuild the domain database in ConsoleOne. 
See Section 26.3, “Rebuilding Domain or Post Office Databases,” on page 405. 


The MTA admin thread does not process any more administrative messages until the 
database status has returned to Normal. 


* Unknown: The MTA admin thread cannot determine the status of the domain database. 
Exit the MTA, then restart it, checking for errors on startup. 


DB Sort Language: Displays the language code for the language that determines the sort order 
of lists displayed in ConsoleOne and the GroupWise Address Book. 


Recovery Count: Displays the number of recoveries performed on the domain database for the 
current MTA session. 


Admin Thread Box 
The Admin Thread box provides the following information about the MTA admin thread: 
Status: Displays one of the following statuses: 

* Running: The MTA admin thread is active. 

+ Suspended: The MTA admin thread is not processing administrative messages. 

¢ Starting: The MTA admin thread is initializing. 


+ Terminated: The MTA admin thread is not running. 


MTA Web Console: You can display MTA admin thread status from the Configuration page. Under 
the General Settings heading, click Admin Task Processing. 


Recovering the Domain Database Automatically or Immediately 


The MTA admin thread can recover the domain database (wpdomain.db) when it detects a problem. 
To enable/disable automatic domain database recovery: 


1 At the server where the MTA is running, display the MTA server console. 


2 Click Configuration > Admin Status > Automatic Recovery to toggle this feature on or off for the 
current MTA session. 


To recover the domain database immediately: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Configuration > Admin Status > Perform DB Recovery. 
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For additional database repair procedures, see Chapter 26, “Maintaining Domain and Post Office 
Databases,” on page 401. 


MTA Web Console: If the MTA Web console is password protected, as described in Section 43.2.1, 
“Setting Up the MTA Web Console,” on page 669, you can recover the post office database from the 
Configuration page. Under the General Settings heading, click Admin Task Processing. Select Automatic 
Recovery or Perform DB Recovery as needed. 


Browsing the Current MTA Log File 


The MTA displays only the most urgent messages in the alert box. Additional information is written 
to the MTA log file. The amount of information depends on the current log settings for the MTA. See 
Section 43.3, “Using MTA Log Files,” on page 677. 


The information automatically scrolls up the screen as additional information is written. You can stop 
the automatic scrolling so you can manually scroll back through earlier information. 


To browse the current MTA log file and control scrolling: 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > Active Log. 


3 Deselect Automatic Scrolling to manually scroll back through parts of the log that have already 
scrolled out of the box. 


4 Click Freeze to stop the MTA from logging information to the active log box. 


5 Click Thaw when you want the MTA to resume logging information to the active log box. 


For explanations of messages in the MTA log file, see “Message Transfer Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


MTA Web Console: You can browse and search MTA log files on the Log Files page. 


Viewing a Selected MTA Log File 


Reviewing log files is an important way to monitor the functioning of the MTA. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > View Log Files. 
3 Select a log file, then click View. 


For explanations of messages in the MTA log file, see “Message Transfer Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


MTA Web Console: You can view and search MTA log files on the Log Files page. 


Cycling the MTA Log File 


You can have the MTA start a new log file as needed. 


1 At the server where the MTA is running, display the MTA server console. 
2 Click Log > Cycle Log. 
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Adjusting MTA Log Settings 


Default log settings are established when you start the MTA. However, they can be adjusted for the 
current MTA session from the MTA server console. 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Log > Log Settings. 
3 Adjustthe values as needed for the current MTA session. 

See Section 43.3, “Using MTA Log Files,” on page 677. 


MTA Web Console: If the MTA Web console is password protected, as described in Section 43.2.1, 
“Setting Up the MTA Web Console,” on page 669, you can adjust MTA log settings from the 
Configuration page. Click the Event Log Settings heading. 


Editing the MTA Startup File 


You can change the configuration of the MTA by editing the MTA startup file from the MTA server 
console. 


1 Atthe server where the MTA is running, display the MTA server console. 
2 Click Configuration > Edit Startup File. 

3 Makethe necessary changes, then save and exit the startup file. 

4 Stop and restart the MTA. 


Accessing Online Help for the MTA 


Click Help on the menu bar for information about the MTA server console. Click the Help button in 
any dialog box for additional information. 


Using the MTA Web Console 


The MTA Web console enables you to monitor the MTA from any location where you have access to a 
Web browser and the Internet. This provides substantially more flexible access than the MTA server 
console, which can only be accessed from the server where the MTA is running. 

+ Section 43.2.1, “Setting Up the MTA Web Console,” on page 669 

+ Section 43.2.2, “Accessing the MTA Web Console,” on page 671 

+ Section 43.2.3, “Monitoring the MTA from the MTA Web Console,” on page 672 

+ Section 43.2.4, “Controlling the MTA from the MTA Web Console,” on page 675 


Setting Up the MTA Web Console 


The default HTTP port for the MTA Web console is established during MTA installation. You can 
change the port number and increase security after installation. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 
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Properties of MTA 


GroupWise ~ | NDS Rights ~ | Other | Rights to Files and Folders | 
Network Address 


TCPAP Address: 172.16.5.18 


PXISPX Address: J 2] 


1 Bind Exclusively to TCPAP Address 


Port SSL 


Message Transfer: 7100 $| [Disabled = 
HTTP: 7180 $| [Disabled x 


Page Options... Cancel | Apply | Help | 


If you configured the MTA for TCP/IP links during installation, the TCP/IP Address field should 
display the MTA server's network address. If it does not, follow the instructions in “Using TCP/ 
IP Links between Domains” on page 632. The MTA must be configured for TCP/IP in order to 
provide the MTA Web console. 


3 Make a note of the IP address or DNS hostname in the TCP/IP Address field. You need this 
information to access the MTA Web console. 


The HTTP Port field displays the default port number of 7180. 


4 Ifthe default HTTP port number is already in use on the MTA server, specify a unique port 
number. 


5 Make a note of the HTTP port number. You will need this information to access the MTA Web 
console. 


6 If you want to use an SSL connection for the MTA Web console, which provides optimum 
security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Section 83.2, “Server Certificates 
and SSL Encryption,” on page 1107. 


7 Click Apply to save your changes on the Network Address page. 
If you want to limit access to the MTA Web console, you can provide a user name and password. 


8 Click GroupWise > Agent Settings to display the Agent Settings page. 
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Scan Cycle: 15 4 seconds 


Scan High: 5 E seconds 
Attach Retry: 60 4 seconds 


IV Enable Automatic Database Recovery 

F Use 2nd High Priority Scanner 

M Use 2nd Mail Priority Scanner 

SNMP Community "Get" String: [ 


HTTP Monitor Settings 


HTTP User Name: admin 


HTTP Password: Set Password 


Page Options... 


9 Inthe HTTP Settings box: 
9a Inthe HTTP User Name field, specify a unique user name. 
9b Click Set Password. 
9c Type the password twice for verification. 
9d Click Set Password. 


Unless you are using an SSL connection, do not use an eDirectory user name and password 
because the information passes over the non-secure connection between your Web browser 
and the MTA. 


For convenience, use the same user name and password for all agents that you plan to 
monitor from GroupWise Monitor. This saves you from having to provide the user name 
and password information as Monitor accesses each agent. 


10 Click OK to save the MTA Web console settings. 
ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 
Corresponding Startup Switches: You can also use the --httpport, --httpuser, and --httppassword 
startup switches in the MTA startup file to enable the MTA Web console. In addition, you can use the 


--httprefresh switch to control how often the MTA refreshes the information provided to your Web 
browser. 


Accessing the MTA Web Console 


To monitor the MTA from your Web browser, view the URL where the MTA is located by supplying 
the network address and port number as provided in ConsoleOne. For example: 


http://172.16.5.18:7100 
http://172.16.5.18:7180 
http: //server1:7100 
https: //server2:7180 


When viewing the MTA Web console, you can specify either the message transfer port or the HTTP 
port. 
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Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Restart MTA 
Total Closed 
Domains 3 0 
Post Offices 1 0 
Gateways 1 0 
Total Last 10 minutes 
Routed 31 23 
Undeliverable 0 0 
Errors 0 0 
Router 0 


<12/05/11 14:11:35> DIS: MTA configuration loaded 


43.2.3 Monitoring the MTA from the MTA Web Console 


The MTA Web console provides several pages of information to help you monitor the performance of 
the MTA. The title bar at the top of the MTA Web console displays the name of the MTA and its 
domain. Below the title bar appears the MTA Web console menu that lists the pages of information 
available in the MTA Web console. Online help throughout the MTA Web console helps you interpret 
the information being displayed and use the links provided. 

+ “Monitoring MTA Status” on page 672 

+ “Checking the MTA Operating System Environment” on page 673 

+ “Viewing and Searching MTA Log Files” on page 673 

+ “Monitoring the Routing Queue” on page 674 

+ “Monitoring Links” on page 674 

+ “Tracking Messages” on page 675 


Monitoring MTA Status 


When you first access the MTA Web console, the Status page is displayed. Online help throughout 
the MTA Web console helps you interpret the information being displayed and use the links 
provided. 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Up Time: 0 Days 4Hrs 11 Mins 


Total Closed 
Domains 3 0 
Post Offices 1 0 
Gateways 1 0 
Total Last 10 minutes 
Routed 31 23 
Undeliverable 0 0 
Errors 0 0 
Router 0 


Closed Links 


<12/05/11 14:11:35> DIS: MTA configuration loaded 
Click the Router link to display details about the MTA routing gueue (gwinprog). You can guickly 


determine how many messages are awaiting processing, how large they are, and how long they have 
been waiting in the routing gueue. 
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Click a closed location to display its holding gueue to see how many messages are waiting for 


transfer. 


Checking the MTA Operating System Environment 


On the MTA Web console menu, click Environment to display information about the operating system 


where the MTA is running. 


On a Linux server, the following information is displayed: 


GroupWise 2012 MTA - Provo1 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Server Configuration 


Linux Release 2.6.16.60-0.54.5-default 
Novell Open Enterprise Server 2.0.3 (x86 64) 


Server jbd-oes 

OS Revision 

OES Version 

Main Thread Process ID 22764 

Build Dates 

GroupWise Agent Build Version  12.0.0-98273 
GroupWise Agent Build Date 12-03-11 
GroupWise Resource Build Date 11-11-11 


On a Windows server, the following information is displayed: 


GroupWise 2012 POA - Sales.Provo2 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


OS Data 


Windows Version 6.1 (Build 7601 )Service Pack 1 


Process ID 


Build Dates 


GroupWise Agent Build Version 
GroupWise Agent Build Date 
GroupWise Engine Build Date 
GroupWise Resource Build Date 


4840 


12.0.0-98273 
12-03-11 
12-03-11 
12-03-11 


Viewing and Searching MTA Log Files 


On the MTA Web console menu, click Log Files to display and search MTA log files. 


GroupWise 2012 MTA - Provo1 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


View Event Log Setings 


Event Log Filter 


Event containing 


Message type 


Event logs: 


1123mta.001 
1124mta 001 
1125mta 001 
1126mta 001 
1127mta 001 
1128mta.001 
1128mta 002 
1129mta 001 
1130mta 001 
1201mta.001 
1202 mta.001 
1203mta 001 
1204mta 001 
1205mta.001 
* 1205mta.002 


View Events 


To view a particular log file, select the log file, then click View Events. 


L_IMessage logging 

L- Event logging 
Dispatcher 

LI Message transfer 


11-24-11 00:00:00 0697147 
11-25-11 00:00:00 0652669 
11-26-11 00:00:00 0711007 
11-27-11 00:00:00 0652837 
11-28-11 00:00:00 0555071 
11-28-11 18:34:47 0372541 
11-29-11 00:00:00 0202557 
11-30-11 00:00:00 0962658 
12-01-11 00:00:00 0595249 
12-02-11 00:00:00 0346851 

12-03-11 00:00:00 0345811 
12-04-11 00:00:00 0346990 

12-05-11 00:00:00 0346051 

12-05-11 13:54:34 0201250 
12-05-11 18:04:53 0059879 


Routing 
Admin 
Scanner 


Selectall 


Cycle Log 
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To search all log files for a particular string, type the string in the Events Containing field, select Select 
All, then click View Events. You can also manually select multiple log files to search. 


In the Message Type list, you can select one or more types of MTA processing to search for: 


+ 


Message Logging (MLG): The message logging threads write information into the message log 
file if message logging has been turned on. See Section 42.4.2, “Enabling MTA Message 
Logging,” on page 657. 


Event Logging (LOG): The event logging thread writes information into the event log files that 
you can search on this page. See Section 43.3, “Using MTA Log Files,” on page 677. 


Dispatcher (DIS): The dispatcher thread starts other MTA threads as needed to meet the 
demands being put on the MTA at any given time. 


Message Transfer (MTP): The message transfer threads communicate with other MTAs and 
with POAs in the local domain to transfer messages to domains and post offices to which the 
local MTA is linked by way of TCP/IP. See “Using TCP/IP Links between Domains” on page 632 
and “Using TCP/IP Links between a Domain and its Post Offices” on page 637. 


Routing (RTR): The router threads process messages in the routing queue and prepare them for 
transfer to the next hop in the link path to their destinations. See Section 44.3, “Optimizing the 
Routing Queue,” on page 689. 


Admin (ADM): The admin thread updates the domain database (wpdomain.db) whenever 
administrative information changes. See “MTA Admin Thread Status Box” on page 662. 


Scanner (SCA): The scanner threads check for incoming messages when UNC or mapped links 
are in use. See Section 44.2.3, “Adjusting the Number of MTA Scanner Threads for the Domain 
and Post Offices,” on page 688. 


The results of the search are displayed on a separate page that can be printed. 


Monitoring the Routing Queue 


On the MTA Web console menu, click Status, then click Router to display the contents of the routing 
queue. Typically, no message files are waiting unless the MTA is down or backlogged. 


GroupWise 2012 MTA - Provo1 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Last updated 12-05-11 19:06:01 


gwinprog 

Home igwsystem/provol/mslocal/gwinprog 

Queue Count KBytes Oldest Newest 
0 0 0 - - 
1 0 0 

2 0 0 

3 0 0 

4 0 0 

5 0 0 

6 0 0 

F2 0 0 


You can click any queue to view the message files it contains. 


Monitoring Links 


On the MTA Web console menu, click Links to monitor the direct links between the MTA and other 
locations. 
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GroupWise 2012 MTA - Provo1 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Lastupdated 12-05-11 19:08:28 View Link Configuration 
View TCP/IP Connections 
View Gateways 


Direct Link Type Status Messages Queued Oldest 
Provo1 Domain Open 0 - 
Development Post Office Open 0 

GWIA Gateway Open 0 

Provo2 Domain Open 0 

Provo3 Domain Open 0 


Suspend Resume 


Click a location to view its holding queue. Click View Link Configuration to determine the address of 
each location and access the agent Web consoles of other domains and of post offices that belong to 
the local domain. Click View TCP/IP Connections to view incoming and outgoing TCP/IP links. Click 
View Gateways to restrict the list to just gateways. 


Tracking Messages 


Before you can track messages at the MTA Web console, you must enable message logging for MTAs 
throughout your system. See Section 42.4.2, “Enabling MTA Message Logging,” on page 657. When 
you enable MTA message logging, the MTA stores data about GroupWise message traffic as it 
processes messages. The stored data is then available for use from the MTA Web console. 


To track a specific message, have the sender check the Sent Item Properties for the message in the 
GroupWise client. The Mail Envelope Properties field displays the message ID of the message; for 
example, 3AD5EDEB.31D : 3 : 12763. To track all messages sent by a particular user, make a note of 
the user's GroupWise user ID. 


On the MTA Web console menu, click Message Tracking. 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


View Message Log Settings 
View Log Files 
Filename 
| Submit 
Message ID 
| 
Originator 


Fill in one of the fields, depending on what you want to track, then click Submit. The results of the 
search are displayed on a separate page which can be printed. 


43.2.4 Controlling the MTA from the MTA Web Console 


At the MTA Web console, you can change some MTA log settings for the current MTA session. You 
can also stop and start some specific MTA threads. 
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IMPORTANT: In order to control the MTA from the MTA Web console, you must set up 
authentication for the MTA Web console, as described in Section 43.2.1, “Setting Up the MTA Web 
Console,” on page 669. 


+ “Changing MTA Configuration Settings” on page 676 
+ “Controlling the MTA Admin Thread” on page 676 
+ “Controlling Links to Other Locations” on page 677 


Changing MTA Configuration Settings 


On the MTA Web console menu, click Configuration. Online help on the Configuration page helps you 
interpret the configuration information being displayed. 


GroupWise 2012 MTA - Provo1 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 
Grou MTA Configuration Setting 


General Settings: 

Domain Directory /gwsystem/provol 
Work Directory: /gwsystem/provol/mslocal 
Database Version 12 

Preferred GWIA Provo1.GWIA 
Default Route 

Force Route No 

Known IDomains *yourcompanyname.com 
Allow Direct Send to Other Systems No 

Error Mail to Administrator No 

Display the Active Log Window Initially: No 

eDirectory Authenticated Yes 

eDirectory User Synchronization: Yes 

Admin Task Processing Yes 

Database Recovery: Yes 

Simple Network Management Protocol (SNMP) Disabled 

IPV6 Protocol Enabled 

Startup File 

TCP/IP Settings: 

Maximum Inbound TCP/IP Connections 40 

TCP/IP Address: 17215717 

TCP Port for Incoming Connections 7100 

Message Transfer over SSL: Disabled 

TCP Port for HTTP Connections 7180 

HTTP Refresh Rate 60 secs 

HTTP over SSL Disabled 

TCP/IP Connection Timeout: 40 

TCP/IP Data Timeout 40 


Event Log Settings: 
Log Level Normal 


Disk Logging Yes 


Click the Event Log Settings heading to change the MTA log settings for the current MTA session. 


Controlling the MTA Admin Thread 


On the Configuration page, click Admin Task Processing. 


GroupWise 2012 MTA - Provoi 
Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Provo1 

Admin Messages 

Completed 8 
Errors 0 
Send Admin Mail 

Admin Database 

Status Normal 
DB Sort Language EN 
Recovery Count 0 
Automatic Recovery * 
Perform DB Recovery 

Admin Thread 

Status Running 
Suspend 

Resume O 


Submit 
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Modify the functioning of the MTA admin thread as needed, then click Submit. The changes remain 
in effect for the current MTA session. 


Controlling Links to Other Locations 
On the MTA Web console menu, click Links. 


GroupWise 2012 MTA - Provo1 


Status | Configuration | Environment | Log Files | Links | Message Tracking | Help 


Last updated 12-05-11 19:08:28 


Direct Link Type Status Messages Queued Oldest 
Provo1 Domain Open 0 - 
Development Post Office Open 

GWIA Gateway Open 0 

Provo2 Domain Open 0 

Provo3 Domain Open 0 


Suspend | Resume | 


Select one or more locations, then click Suspend or Resume as needed. 


43.3 Using MTA Log Files 


Error messages and other information about MTA functioning are written to log files as well as 
displaying on the MTA server console. Log files can provide a wealth of information for resolving 
problems with MTA functioning or message flow. This section covers the following subjects to help 
you get the most from MTA log files: 


+ Section 43.3.1, “Locating MTA Log Files,” on page 677 

+ Section 43.3.2, “Configuring MTA Log Settings and Switches,” on page 677 
+ Section 43.3.3, “Viewing MTA Log Files,” on page 678 

+ Section 43.3.4, “Interpreting MTA Log File Information,” on page 678 


43.3.1 Locating MTA Log Files 
The default location of the MTA log files varies by platform: 


Linux: /var/log/novell/groupwise/domain name.mta 


Windows: mslocal subdirectory in the directory specified by the --work switch 


You can change the location where the MTA creates its log files, as described in Configuring MTA 
Log Settings and Switches. 


43.3.2 Configuring MTA Log Settings and Switches 


The following aspects of logging are configurable: 


+ Log File Path (--log) 
+ Disk Logging (--logdiskoff) 
+ Logging Level (--loglevel) 
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+ Maximum Log File Age (--logdays) 
+ Maximum Log File Size (--logmax) 
You can configure the log settings in the following ways: 
+ Using ConsoleOne to establish defaults (Section 42.1.8, “Adjusting the MTA Logging Level and 
Other Log Settings,” on page 641) 


+ Using startup switches to override ConsoleOne settings (Section 45, “Using MTA Startup 
Switches,” on page 693) 


+ Using the MTA server console to override log MTA settings for the current session (“Adjusting 
MTA Log Settings” on page 669) 


+ Using the MTA Web console to override other MTA settings for the current MTA session 
(Section 43.2.4, “Controlling the MTA from the MTA Web Console,” on page 675) 


Viewing MTA Log Files 


You can view the contents of the MTA log file from the MTA server console and Web console. See the 
following tasks: 


+ “Browsing the Current MTA Log File” on page 668 

+ “Viewing a Selected MTA Log File” on page 668 

+ “Cycling the MTA Log File” on page 668 

+ “Viewing and Searching MTA Log Files” on page 673 


Interpreting MTA Log File Information 


On startup, the MTA records the MTA settings currently in effect. Thereafter, it logs events that take 
place, including errors. To look up error messages that appear in MTA log files, see “Message 
Transfer Agent Error Messages” in GroupWise 2012 Troubleshooting 1: Error Messages. 


Because the MTA consists of multiple threads, you might find it useful to retrieve the log file into an 
editor and sort it on the thread ID that follows the date and time information. Sorting groups all 
messages together for the same MTA thread. At the MTA Web console, you can search through 
multiple log files. See “Viewing and Searching MTA Log Files” on page 673. You can also use the 
search capability of the MTA Web console to gather information about a specific MTA thread. See 
“Viewing and Searching MTA Log Files” on page 673. 


Using GroupWise Monitor 


GroupWise Monitor is a monitoring and management tool that allows you to monitor GroupWise 
agents and gateways from any location where you are connected to the Internet and have access to a 
Web browser. The MTA Web console can be accessed from GroupWise Monitor, enabling you to 
monitor all MTAs in your GroupWise system from one convenient location. In addition, GroupWise 
Monitor can notify you when agent problems arise. 
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GroupWise, Monitor 


Else) B Novell 
98 Corporate Monitored agents for "Corporate" group 
9 OES Agents Total: 9 Displayed: 1-9 
® SLES Agents Refresh Hide Subgroup Agent |[ Problem |[ Suspend ][ Resume |[ Move |[ options ][ Thresholds |[ Help 
2 Windows Agents 
Name Status Status Duration Up Time Type Version Platform 
Create @) Provoi Normal Od1h54m Od6h39m MTA 12.0.0 (12/03/2011) Linux 
Renan © DevelopmentProvol Normal Od1h54m Od6h39m POA 12.0.0 (12/03/2011) Linux 
= @ GWIAProvol Normal Od1h54m Od6h38m GWIA 12.0.0 (12/03/2011) Linux 
Refresh ©) Provo3 Normal Od1h54m Od2h29m MTA 12.0.0 (12/03/2011) Linux 
LE © GWIAProvo3 Normal Od1h54m Od2h29m GWA 12.0.0 (12/03/2011) Linux 
@) Research.Provo3 Normal Od1h54m Od2h29m POA 12.0.0 (12/03/2011) Linux 
©) Provo2 Normal Od1h54m Od1h53m MTA 12.0.0 (12/3/2011) Windows 
9) GWIAProvo2 Normal Od1h54m Od1h52m GWIA 1200 (12-03-11) Windows 
9) Sales Provo2 Normal Od1h54m Od1h52m POA 12.0.0 (12/3/2011) Windows 


For installation and setup instructions, see “Installing GroupWise Monitor” in the GroupWise 2012 
Installation Guide. For usage instructions, see Part XV, “Monitor,” on page 939. 


Using Novell Remote Manager 


If the MTA is running on Novell Open Enterprise Server (OES), you can use Novell Remote Manager 
to monitor the MTA. For more information, see the Novell Remote Manager for Linux Administration 
Guide for your version of OES Linux (http://www.novell.com/documentation/oes.html). 


Using an SNMP Management Console 


You can monitor the MTA from the Management and Monitoring component of Novell ZENworks 
for Servers or another SNMP management and monitoring program. When properly configured, the 
MTA sends SNMP traps to network management consoles for display along with other SNMP 
monitored programs. 


Although the MTA is SNMP-enabled by default, the server where the MTA is installed must be 
properly configured to support SNMP, and the MTA object in eDirectory must be properly 
configured as well. To set up SNMP services for your server, complete the following tasks: 


» Section 43.6.1, “Setting Up SNMP Services for the MTA,” on page 679 
+ Section 43.6.2, “Copying and Compiling the MTA MIB File,” on page 681 
+ Section 43.6.3, “Configuring the MTA for SNMP Monitoring,” on page 682 


Setting Up SNMP Services for the MTA 


Select the instructions for the platform where the MTA runs: 


+ “Linux: Setting Up SNMP Services for the MTA” on page 680 
+ “Windows: Setting Up SNMP Services for the MTA” on page 680 


Monitoring the MTA 679 


680 


Linux: Setting Up SNMP Services for the MTA 


The Linux MTA is compatible with NET-SNMP. An older version of SNMP called UCD-SNMP 
cannot be used with the Linux MTA. NET-SNMP comes standard with OES Linux, but it does not 
come standard with SLES 9. If you are using SLES 9, you must update to NET-SNMP in order to use 
SNMP to monitor the Linux MTA. 

1 Make sure you are logged in as root. 


2 If NET-SNMP is not already set up on your Linux server, use the following command to 
configure SNMP: 


snmpconf -g basic setup 
The snmpconf command creates the snmpd. conf file in one of the following directories, 


depending on your version of Linux: 


/usr/share/snmp 
/usr/local/share/snmp 
~/.snmp 


3 Locate the snmpd.conf file on your Linux server. 

4 Ina text editor, open the snmpd. conf file and add the following line: 
dlmod Gwsnmp /opt/novell/groupwise/agents/lib/libgwsnmp.so 

5 Save the snmpd.conf file and exit the text editor. 


6 Restart the SNMP daemon (snmpd) to put the changes into effect. 


IMPORTANT: Make sure that the SNMP daemon always starts before the MTA starts. 


7 Skip to Section 43.6.2, “Copying and Compiling the MTA MIB File,” on page 681. 


Windows: Setting Up SNMP Services for the MTA 


For Windows, the SNMP Service is usually not included during the initial operating system 
installation. The SNMP Service can be easily added at any time. To add or configure the SNMP 
Service, you must be logged in as a member of the Administrator group. 


To set up SNMP services for the Windows MTA, complete the following tasks: 


¢ “Installing SNMP Support on Windows Server 2008” on page 680 
¢ “Installing SNMP Support on Windows Server 2003” on page 681 
+ “Installing GroupWise Agent SNMP Support” on page 681 


Installing SNMP Support on Windows Server 2008 


On the Control Panel, click Programs and Features. 

Click Turn Windows features on or off to open the Server Manager. 
Click Features > Add Features. 

In the Features list, expand SNMP Services, then select SNMP Service. 
Click Next, then click Install. 


When the installation is finished, click Close, then exit the Server Manager. 


N Oo OF R 0 N M 


Skip to Installing GroupWise Agent SNMP Support. 
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Installing SNMP Support on Windows Server 2003 


1 Click Start > Control Panel > Add or Remove Programs. 

2 Click Add/Remove Windows Components. 

3 Select Management and Monitoring Tools. 

4 Click Details, then select Simple Network Management Protocol. 

5 Follow the on-screen instructions to install the SNMP Trap Service. 


6 Continue with Installing Group Wise Agent SNMP Support. 


Installing GroupWise Agent SNMP Support 


The GroupWise Agent Installation program includes an option for installing SNMP support. 
However, if the server where you installed the agents did not yet have SNMP set up, that installation 
option was not available. Now that you have set up SNMP, you can install GroupWise agent SNMP 
support. 


Atthe Windows server where you want to install the GroupWise agent SNMP support: 


1 Run setup.exe at the root of the downloaded GroupWise 2012 software image. 


2 Click Install GroupWise System, click Yes to accept the License Agreement, then click Next to 
perform a standard installation. 


3 Select Install individual components, deselect GroupWise Administration, then click Next. 


4 On the Installation Path page, browse to and select the path where the agent software is 
installed, then select Install and Configure SNMP for GroupWise Agents. 


5 Continue through the rest of the installation process as prompted by the Agent Installation 
program. 


The Agent Installation program copies the SNMP support files to the agent installation directory, 
makes the appropriate Windows registry entries, and restarts the Windows SNMP service. 


6 Continue with Section 43.6.2, “Copying and Compiling the MTA MIB File,” on page 681. 


Copying and Compiling the MTA MIB File 


An SNMP-enabled MTA returns information contained in a Management Information Base (MIB). 
The MIB is an ASCII data structure that defines the information gathered. It also defines the 
properties that can be monitored and managed on the SNMP-enabled MTA. 


Before you can monitor an SNMP-enabled MTA, you must compile the gwmta .mib file using your 
SNMP management program. GroupWise agent MIB files are located in the /agents/snmpmibs 
directory of your GroupWise software distribution directory or the downloaded GroupWise 2012 
software image. 


The MIB file contains all the Trap, Set, and Get variables used for communication between the MTA 
and management console. The Trap variables provide warnings that point to current and potential 
problems. The Set variables allow you to configure portions of the application while it is still running. 
The Get variables display the current status of different processes of the application. 


1 Copy the gwmta.mib file from the \agents\snmp directory to the location required by your 
SNMP management program. 
2 Compile or import the gwmta . mib file as required by your SNMP management program. 


3 Continue with Configuring the MTA for SNMP Monitoring. 
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43.6.3 Configuring the MTA for SNMP Monitoring 


In order for SNMP monitoring programs to monitor the MTA, the MTA must be configured with a 
network address and SNMP community string. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 

3 Clickthe pencil icon to provide the TCP/IP address of the server where the MTA runs, then click 
Apply. 

4 Click GroupWise > Agent Settings. 


5 Provide your system SNMP community GET string, then click OK. 


6 Configure the SNMP Service with the same community GET string: 


Ga 
6b 
6c 
6d 
6e 

6f 


On the Windows desktop, click Start > Administrator Tools > Services. 

Right-click SNMP Service, then click Properties. 

Click Security, then click Add in the Accepted community names list. 

In the Community Name field, specify your system SNMP community GET string. 
In the Community Rights drop down list, select READ WRITE. 


Click Add to add the community string to the list, then click OK to close the SNMP 
Properties 


7 Restart the MTA. 
The MTA should now be visible to your SNMP monitoring program. 


43.7 Notifying the Domain Administrator 
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If you want to be notified with an email message whenever the MTA encounters a critical error, you 
can designate yourself as an administrator of the domain for which the MTA is running. 


1 In ConsoleOne, browse to and right-click the Domain object, then click Properties to display the 
Identification page. 


Properties of Provo1 


{| NDS Rights + | Other | Rights to Files and Folders 


Domain: Provoi 


Description: 


UNC Path: |\\JBD-GW'\mail\qvisystem\provol 


Language; [English - US 


Domain Type: Primary 


Time Zone: |(GMT-07:00) Mountain Time (US & Canada) 


Database Version: 12 


Administrator: | 


View Client Options 
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2 Inthe Administrator field, browse to and select your GroupWise user ID. 


A domain can have a single administrator, or you can create a group to function as 
administrators. 


3 Click OK to save the administrator information. 


The selected user or group then begins receiving email messages whenever the MTA for the 
domain encounters a critical error. 


Corresponding Startup Switches: By default, the MTA generates error mail if an administrator has 
been assigned for the domain. Error mail can be turned off using the --noerrormail switch. 


MTA Web Console: Another way to receive email notification of MTA problems is to use GroupWise 
Monitor to access the MTA Web console. See Section 69.5.1, “Configuring Email Notification,” on 
page 957. 


Using the MTA Error Message Documentation 


MTA error messages are documented with the source and explanation of the error, possible causes of 
the error, and actions to take to resolve the error. See “Message Transfer Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


Employing MTA Troubleshooting Technigues 


If you are having a problem with the MTA but not receiving a specific error message, or if the 
suggested actions for the specific error did not resolve the problem, you can review more general 
troubleshooting strategies for dealing with MTA problems. See “Message Transfer Agent Problems” 
in “Strategies for Agent Problems” in GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 


You can also use GroupWise Monitor to troubleshoot message transfer problems. See Part XV, 
“Monitor,” on page 939. 


Using Platform-Specific MTA Monitoring Tools 


Each operating system where the MTA runs provides tools for monitoring programs. 


Linux: You can use SNMP tools like snmpget and snmpwalk that allow you to retrieve the data about all 
the services registered with the SNMP service. These tools are part ofthe NET-SNMP package. 
See your Linux documentation for additional monitoring suggestions. 


Windows: You can use the Performance Monitor in Windows Administrator Tools to gather similar 
information. See your Windows documentation for additional monitoring suggestions. 


Using MTA Message Logging 


For extremely detailed monitoring of message flow, you can configure the MTA to gather a variety of 
statistics. See Section 42.4.2, “Enabling MTA Message Logging,” on page 657. 
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Optimizing the MTA 


You can adjust how the MTA functions to optimize its performance. Before attempting optimization, 
you should run the MTA long enough to observe its efficiency and its impact on other network 
applications running on the same server. See Chapter 43, “Monitoring the MTA,” on page 659. 


Also, remember that optimizing your network hardware and operating system can make a difference 
in MTA performance. 


The following topics help you optimize the MTA: 


+ Section 44.1, “Optimizing TCP/IP Links,” on page 685 

+ Section 44.2, “Optimizing Mapped/UNC Links,” on page 686 

+ Section 44.3, “Optimizing the Routing Queue,” on page 689 

+ Section 44.4, “Adjusting MTA Polling of Closed Locations,” on page 690 


Optimizing TCP/IP Links 


Using startup switches in the MTA startup file, you can fine-tune the performance of TCP/IP links. 


+ Section 44.1.1, “Adjusting the Number of MTA TCP/IP Connections,” on page 685 
+ Section 44.1.2, “Adjusting the MTA Wait Intervals for Slow TCP/IP Connections,” on page 686 


Adjusting the Number of MTA TCP/IP Connections 


When using TCP/IP links between domains, you can control the number of inbound connections the 
MTA can establish for receiving messages from POAs and GWIAs in the same domain and from 
MTAs and GWIAs in other domains in your GroupWise system. 


Use the --tcpinbound switch in the MTA startup file to increase the maximum number of inbound 
connections the MTA can establish from the default of 40 to whatever setting meets the needs of your 
system. There is no maximum setting. 


If the MTA is receiving more requests than it can accept, the sending MTAs must wait until a 
connection becomes available, which slows down message transfer. Each connection requires only 
about 20 KB. For example, if you configure the MTA to accept 600 connections, it would require 
approximately 12 MB of RAM. Although there is no maximum setting for inbound connections, this 
setting is adequate to handle very heavy usage. Use lower settings to conserve RAM or for lighter 
usage. 


MTA Web Console: You can check the maximum number of TCP/IP connections that the MTA can 
start on the Configuration page under the TCP/IP Settings heading. 
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Adjusting the MTA Wait Intervals for Slow TCP/IP Connections 


When using TCP/IP links, you can control how long the MTA waits for responses. 


By default, the MTA waits 5 seconds for a response when trying to contact another MTA ora POA 
across a TCP/IP link. If no response is received from the other MTA or the POA, the sending MTA 
tries again three more times. If all four attempts fail, the MTA reports an error, then waits 10 minutes 
before it tries again. 


When the MTA attempts to send messages to another MTA or a POA across a TCP/IP link, the 
sending MTA tries for 20 seconds before reporting an error. 


On some networks, these wait intervals might not be sufficient, and the MTA might report an error 
when, by waiting longer, the needed connection or data transfer could take place. 


Use the --tcpwaitconnect switch in the MTA startup file to increase the number of seconds the MTA 
waits for a response from another MTA or a POA across a TCP/IP link. 


Use the --tcpwaitdata switch in the MTA startup file to increase the number of seconds the MTA 
attempts to send messages to another MTA or a POA across a TCP/IP link. 


MTA Web Console: You can check the current wait intervals on the Configuration page under the 
TCP/IP Settings heading. 


Optimizing Mapped/UNC Links 


If you must use mapped or UNC links, you can fine-tune how the MTA polls its input queues. 


+ Section 44.2.1, “Using TCP/IP Links between Locations,” on page 686 


+ Section 44.2.2, “Adjusting MTA Polling of Input Queues in the Domain, Post Offices, and 
Gateways,” on page 686 


+ Section 44.2.3, “Adjusting the Number of MTA Scanner Threads for the Domain and Post 
Offices,” on page 688 


NOTE: The Linux MTA does not use mapped or UNC links. 


Using TCP/IP Links between Locations 


TCP/IP links between domains or between a domain and its post offices are faster than mapped or 
UNC links because the MTA is immediately notified whenever a new message arrives. This 
eliminates the latency involved in scanning input directories for messages to process. To change from 
mapped or UNC links to TCP/IP links, see “Using TCP/IP Links between Domains” on page 632 and 
“Using TCP/IP Links between a Domain and its Post Offices” on page 637 


Adjusting MTA Polling of Input Queues in the Domain, Post Offices, 
and Gateways 
When using mapped or UNC links between the local domain and its post offices and other domains, 


the MTA can create a lot of network traffic just scanning its input queues, especially if the message 
load is light. This can be minimized by setting the scan cycle to a higher number. On the other hand, 
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if the scan cycle is set too high, important messages might need to wait in the input gueues to be 
picked up by the MTA. The MTA 's scan cycle settings also control how often it communicates with 
gateways installed in the domain. 


By default, when using mapped or UNC links, the MTA scans its high priority queues every 5 
seconds and its regular and low priority gueues every 15 seconds. You can adjust the scan cycle 
settings to meet the needs of your GroupWise system. 

1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 


2 Click GroupWise > Agent Settings to display the Agent Settings page. 


x 
f | NDS Rights + | Other | Rights to Files and Folders | 
Scan Cycle: 15 4 seconds 
Scan High: 5 = seconds 
Attach Retry: 60 4 seconds 


M Enable Automatic Database Recovery 

IM Use 2nd High Priority Scanner 

F Use 2nd Mail Priority Scanner 

SNMP Community "Get" String: [ 


r HTTP Monitor Settings = 


HTTP User Name: admin 
HTTP Password: Set Password 


Page Options... 


3 Decrease the number of seconds in the Scan Cycle field if you want the MTA to scan the regular 
and low priority queues (2-7) more often. 


or 


Increase the number of seconds in Scan Cycle field if you want the MTA to scan the regular and 
low priority queues (2-7) less often. 


4 Decrease the number of seconds in the Scan High field if you want the MTA to scan the high 
priority queues (0-1) more often. 


or 


Increase the number of seconds in the Scan High field if you want the MTA to scan high priority 
queues (0-1) less often. 


For the locations and specific uses of the MTA input queues, see “Message Transfer/Storage 
Directories” in GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 


5 Click OK to save the new scan cycle settings. 


ConsoleOne then notifies the MTA to restart so the new settings can be put into effect. 


Corresponding Startup Switches: You can also use the --cylo and --cyhi switches in the MTA startup 
file to adjust the MTA scan cycle. 


MTA Web Console: You can check the current MTA scan cycle on the Configuration page under the 
Performance Settings heading. 
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Adjusting the Number of MTA Scanner Threads for the Domain and 
Post Offices 


When using mapped or UNC links, the MTA automatically starts four scanner threads, one for each 
of the following subdirectories of its input gueues: 


Priority Used For 

Subdirectory 

0 Busy Search requests from GroupWise client users 

1 GroupWise Remote user requests 

2 Administrative messages and high priority user messages 
3-7 Regular and low priority messages and status messages 


For the locations of the MTA input queues, see “Message Transfer/Storage Directories” in GroupWise 
2012 Troubleshooting 3: Message Flow and Directory Structure. 


To conserve server resources, you can reduce the number of scanner threads that the POA starts, but 
this is not recommended. 


IMPORTANT: Do not try to run more than one MTA for the same domain. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


x 
NDS Rights ~ | Other | Rights to Files and Folders | 
Scan Cycle: 15 2j seconds 
Scan High: 5 4 seconds 
Attach Retry: 60 4 seconds 


IM Enable Automatic Database Recovery 
JV Use 2nd High Priority Scanner 
IV Use 2nd Mail Priority Scanner 


SNMP Community "Get" String: 


HTTP Monitor Settings 


HTTP User Name: admin 
HTTP Password: Set Password 


Page Options... 


Use 2nd High Priority Scanner is selected by default to provide separate MTA scanner threads for 
Busy Searches and GroupWise Remote users. 


Use 2nd Mail Priority Scanner is selected by default to provide separate MTA scanner threads for 
administrative messages and high priority user messages vs. regular and low priority messages. 


With these default settings, the MTA always starts four scanner threads. You can deselect either 
option so that the MTA starts fewer scanner threads 
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3 Deselect scanner thread options to allocate threads to priority subdirectories as shown in the 


table below. 
Primary Use Priority Two Scanner Two High Two Mail Default 
Directory Threads Priority Priority Operation 
Scanners Scanners 
Busy searches wpcsin\0 High priority High priority High priority High priority 
scanner thread scanner thread scanner thread scanner thread 
one one 
GroupWise wpcsin\1 High priority High priority 
Remote user scanner thread scanner thread 
requests two two 
Administrative  wpcsin\2 Mail priority Mail priority Mail priority Mail priority 
requests and scanner thread scanner thread scanner thread scanner thread 
high priority one one 
messages 
High priority wpcsin\3 
statuses 
Normal priority wpcsin\4 Mail priority Mail priority 
messages scanner thread scanner thread 
o two two 
Normal priority wpcsin\5 
statuses 
Low priority wpcsin\6 
messages 
Low priority wpcsin\7 
statuses 
Total Scanner Threads in Use: 2 3 3 4 


4 Click OK to save the new scanner thread settings. 


ConsoleOne then notifies the MTA to restart so the new setting can be put into effect. 


Corresponding Startup Switches: You can also use the --fast0 and --fast4 switches in the MTA 
startup file to adjust the allocation of MTA scanner threads. 


MTA Web Console: You can check the current MTA scan cycle on the Configuration page under the 
Performance Settings heading. 


44.3 Optimizing the Routing Queue 


Using startup switches in the MTA startup file, you can fine-turn MTA processing in of the routing 
queue. When the MTA starts, it starts one or more router threads to process its routing queue 
(gwinprog). As messages arrive in the routing queue, it starts additional routers as needed, within 
parameters you can set. 

+ Section 44.3.1, “Adjusting the Maximum Number of Active Router Threads,” on page 690 

+ Section 44.3.2, “Adjusting the Maximum Number of Idle Router Threads,” on page 690 


MTA Web Console: You can view the current contents of the routing queue from the Status page. 
Click Router under the Queue Information heading. 
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44.3.1 Adjusting the Maximum Number of Active Router Threads 


By default, the MTA continues to start additional router threads to processes messages in the routing 
queue as long as message traffic demands it, until as many as 16 router threads are running. Use the 
--maxrouters switch in the MTA startup file to control the number of router threads the MTA can 
start. 


Set --maxrouters to a lower number to conserve resources and keep the MTA from starting more than 
the specified maximum number of router threads. 


44.3.2 Adjusting the Maximum Number of Idle Router Threads 


By default, after the MTA starts a router thread, it keeps it running, up to the maximum number 
specified by the --maxrouters switch. In a system where short bursts of heavy message traffic are 
followed by extended lulls, idle router threads could be consuming resources that would be better 
used by other processes. Use the --maxidlerouters switch in the MTA startup file to determine how 
many idle router threads are allowed to remain running. The default is 16 idle router threads. 


Set --maxidlerouters to a lower number if you want the MTA to terminate idle router threads more 
quickly. Set --maxidlerouters to a higher number if you want the MTA to keep more idle router 
threads ready to process incoming message traffic. 


44.4 Adjusting MTA Polling of Closed Locations 


When a location becomes closed (unavailable), the MTA waits before attempting to recontact that 
location. If the MTA waits only a short period of time, the MTA can waste time and create network 
traffic by trying to reestablish a connection with a closed location. On the other hand, you do not 
want the MTA to ignore an available location by waiting too long. 


By default, the MTA waits 600 seconds (10 minutes) between its attempts to contact a closed location. 
You can adjust the time interval the MTA waits to meet the needs of your GroupWise system. 


1 In ConsoleOne, browse to and right-click the MTA object, then click Properties. 
2 Click GroupWise > Agent Settings to display the Agent Settings page. 


Properties of MTA x 
NDS Rights v | Other | Rights to Files and Folders | 
Scan Cycle: 15 al seconds 
Scan High: 5 = seconds 
Attach Retry: 60 F seconds 


IM Enable Automatic Database Recovery 

IM Use 2nd High Priority Scanner 

IV Use 2nd Mail Priority Scanner 

SNMP Community "Get" String: [ 


HTTP Monitor Settings 


HTTP User Name: admin 
HTTP Password: Set Password 


Page Options... 
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3 Decrease the number of seconds in the Attach Retry field if you want the MTA to try to contact 
closed locations more often. 


Or 


Increase the number of seconds in the Attach Retry field if you want the MTA to try to contact 
closed locations less often. 


4 Click OK to save the new Attach Retry setting. 
ConsoleOne then notifies the MTA to restart so the new setting can be put into effect. 
For a TCP/IP link, a location is considered open if the MTA receives a response from the receiving 


agent within the currently configured wait intervals. See Section 44.1.2, “Adjusting the MTA Wait 
Intervals for Slow TCP/IP Connections,” on page 686. Otherwise, the location is considered closed. 


For a mapped or UNC link, a location is considered open if the MTA can perform the following 
actions: 


+ Create a temporary directory in the MTA input queue (domain\wpcsin and 
post officelwpcsin directories) 

+ Create a temporary file in that new directory 

+ Delete the temporary file 

+ Delete the temporary directory 


For more information about the MTA input gueues, see “Message Transfer/Storage Directories” in 
GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure. 
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Using MTA Startup Switches 


You can override settings provided in ConsoleOne by using startup switches in the MTA startup file. 
The default location for the startup file varies by platform. 


Linux: /opt/novell/groupwise/agents/share 


Windows: c:\Program Files\Novell\GroupWise Server\Agents 


When you run the Agent Installation program, an initial MTA startup file is created. It is named 
using the first 8 characters of the domain name with a .mta extension. This initial startup file includes 
the --home startup switch set to the location of the domain directory. 


When you update the MTA software, the existing MTA startup file can be retained or overwritten as 
needed. 


Linux: When you use both the /nstall and Configure options in the Agent Installation program, the 
existing MTA startup file is backed up and then overwritten. When you use only the Install option, 
the existing MTA startup file is retained. 


Windows: When you select Install the software files, but do not configure the agents in the Agent Installation 
program, the existing MTA startup file is retained. When you do not select this option, the existing 
MTA startup file is backed up and then overwritten. 


Startup switches specified on the command line override those in the startup file. Startup switches in 
the startup file override corresponding settings in ConsoleOne. You can view the MTA startup file 
from the Configuration page of the MTA Web console. 


The table below summarizes MTA startup switches for all platforms and how they correspond to 
configuration settings in ConsoleOne. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Linux MTA Windows MTA ConsoleOne Settings 
file name Ofile name N/A 

--activelog lactivelog N/A 

--certfile /certfile Certificate File 
--cluster /cluster N/A 

--cyhi lcyhi Scan High 

--cylo lcylo Scan Cycle 


--defaultroutingdomain 


--fastO 


/defaultroutingdomain 


/fastO 


Default Routing Domain 


Use 2nd High Priority Scanner 
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Linux MTA 


--fast4 

--help 

--home 
--httppassword 
--httpport 
--httprefresh 
--httpssl 
--httpuser 

--ip 

--keyfile 
--keypassword 
--language 

--log 

--logdays 
--logdiskoff 
--loglevel 
--logmax 
--maxidlerouters 
--maxrouters 
--messagelogdays 
--messagelogmaxsize 
--messagelogpath 
--messagelogsettings 
--msgtranssl 
--noada 

--nodns 
--noerrormail 
--nondssync 
--norecover 
--nosnmp 

--show 
--tcpinbound 


--tcpport 


Windows MTA 


/fast4 

help 

/home 
/httppassword 
/httpport 
Ihttprefresh 
/httpssl 

/httpuser 

lip 

/keyfile 
/keypassword 
Ilanguage 

llog 

/logdays 
Ilogdiskoff 
/loglevel 

/logmax 
/maxidlerouters 
/maxrouters 
/messagelogdays 
/messagelogmaxsize 
/messagelogpath 
/messagelogsettings 
/msgtranssl 
/noada 

/nodns 
/noerrormail 
/nondssync 
/norecover 
/nosnmp 

N/A 

/tcpinbound 


/tcpport 
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ConsoleOne Settings 
Use 2nd Mail Priority Scanner 
N/A 

N/A 

HTTP Password 
HTTP Port 

N/A 

HTTP 

HTTP User Name 
TCP/IP Address 

SSL Key File 

SSL Key File Password 
N/A 

Log File Path 

Max Log File Age 
Logging Level 

Logging Level 

Max Log Disk Space 
N/A 

N/A 

Delete Reports After 
N/A 

Message Log File Path 
Message Logging Level 
Message Transfer SSL 
N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 

N/A 


Network Address 


45.1 


45.2 


45.3 


Linux MTA Windows MTA 


--tcpwaitconnect /tcpwaitconnect 
--tcpwaitdata /tcpwaitdata 
--vsnoadm /vsnoadm 
--work /work 


@file_name 


ConsoleOne Settings 
N/A 
N/A 
N/A 
N/A 


Specifies the location of the MTA startup file. On Linux, the startup file always resides in the /opt/ 
novell/groupwise/agents/share directory. On Windows, the full path must be included if the file 
does not reside in the same directory with the MTA program. The startup file must reside on the 


same server where the MTA isinstalled. 


Linux MTA 
Syntax: @[/dir/|file 


Example: ./gwmta @../share/Inxdom.mta 


--activelog 


Windows MTA 
@[drive:][\dir\]file 


gwmta.exe @provo2.mta 
gwmta.exe @d:\agt\provo2.mta 


Displays the active log window rather than the alert box when the MTA starts. See Section 43.1.1, 
“Monitoring the MTA from the MTA Server Console,” on page 659. 


Linux MTA 


Syntax: --activelog 


--certfile 


Windows MTA 


/activelog 


Specifies the full path to the public certificate file used to provide secure SSL communication between 
the MTA and other programs. See Section 42.2.2, “Securing the Domain with SSL Connections to the 


MTA,” on page 643. 


Linux MTA 


Syntax: --certfile-/dir/file 


Example: --certfile /certs/gw.crt 


See also --keyfile and --keypassword. 


Windows MTA 


/certfile-[drive:}\dir\file 
/certfile-\\svAsharename\dir\file 


/certfile-\ssl\gw.crt 
/certfile-m:\ssl\gw.crt 
/certfile-\\server2\c\ssl\gw.crt 
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45.4 --cluster 


Informs the MTA that it is running in a cluster. A clustered MTA automatically binds to the IP 
address configured for the MTA object even if the Bind Exclusively to TCP/IP Address option is not 
selected on the MTA Network Address page in ConsoleOne. This prevents unintended connections 
to other IP addresses, such as the loopback address or the node's physical IP address. For information 
about clustering the MTA, see the GroupWise 2012 Interoperability Guide. 


Linux MTA Windows MTA 


Syntax: --cluster /cluster 


See also /ip. 


45.5 --cyhi 


Sets the number of seconds in the scan cycle that the MTA uses to scan its priority 0-1 input queues. 
The default is 5 seconds. See Section 44.2.2, “Adjusting MTA Polling of Input Queues in the Domain, 
Post Offices, and Gateways,” on page 686. 


Linux MTA Windows MTA 
Syntax: --cyhi-seconds /cyhi-seconds 
Example: --cyhi 3 Icyhi-3 


See also --cylo. 


45.6 --cylo 


Sets the number of seconds in the scan cycle that the MTA uses to scan its priority 2-7 input queues. 
The default is 15 seconds. See Section 44.2.2, “Adjusting MTA Polling of Input Queues in the Domain, 
Post Offices, and Gateways,” on page 686. 


Linux MTA Windows MTA 
Syntax: --cylo-seconds Icylo-seconds 
Example:  --cylo 10 Icylo-10 


See also --cyhi. 
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45.7 --defaultroutingdomain 


Identifies the domain name in your GroupWise system to which all MTAs should send messages 
when they cannot resolve the available routing information to a specific user.post_office.domain 
GroupWise address. See Section 42.3.1, “Using Routing Domains,” on page 645. 


Linux MTA Windows MTA 
Syntax: --defaultroutingdomain domain /defaultroutingdomain-domain 
Example: --defaultroutingdomain inethub /defaultroutingdomain-inethub 


45.8 --fast0 


Causes the MTA to monitor and process the priority 0 and 1 subdirectories independently with 
separate scanner threads, rather than in sequence with the same scanner thread. See Section 44.2.3, 
“Adjusting the Number of MTA Scanner Threads for the Domain and Post Offices,” on page 688. 


Linux MTA Windows MTA 


Syntax: --fast0 /fastO 


See also --fast4. 


45.9 --fast4 


Causes the MTA to monitor and process the priority 2 and 3 subdirectories with a separate scanner 
thread from the priority 4 through 7 subdirectories. See Section 44.2.3, “Adjusting the Number of 
MTA Scanner Threads for the Domain and Post Offices,” on page 688. 


Linux MTA Windows MTA 


Syntax: --fast4 /fast4 


See also --fast0. 


45.10 --help 


Displays the MTA startup switch Help information. When this switch is used, the MTA does not 


start. 

Linux MTA Windows MTA 
Syntax: --help or --? /help or /? 
Example: ./gwmta --help gwmta.exe /help 
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45.11 


45.12 


45.13 


--home 


Specifies the domain directory, where the MTA can access the domain database (wpdomain. db). 
There is no default location. You must use this switch in order to start the MTA 


Linux MTA Windows MTA 


Syntax: --home /dir /home-[drive:]\dir 
/home-\\svr\sharename\dir 


Example: --home /gwsystem/provo2 /home-\provo2 
/home-m:\provo2 
home-\\server2\c\mail\provo2 


If you specify a UNC path with the --home switch when you run the MTA as a Windows service, you 
must configure the MTA service to run under a specific Windows user account. If you specify a local 
directory or a mapped drive, you can configure the MTA service to run under the local system 
account. However, running under the Administrator account is highly recommended. 


--httppassword 


Specifies the password for the MTA to prompt for before allowing MTA status information to be 
displayed in your Web browser. Do not use an existing eDirectory password because the information 
passes over the non-secure connection between your Web browser and the MTA. See Section 43.2, 
“Using the MTA Web Console,” on page 669. 


Linux MTA Windows MTA 
Syntax: --httppassword unique_password /httppassword-unique_password 
Example:  --httppassword AgentWatch /httppassword-AgentWatch 


See also /httpuser, /httpport, /httprefresh, and /httpssl. 


--httpport 


Sets the HTTP port number used for the MTA to communicate with your Web browser. The default is 
7180; the setting must be unique. See Section 43.2, “Using the MTA Web Console,” on page 669. 


Linux MTA Windows MTA 
Syntax: --httpport port_number /httpport-port_number 
Example: --httpport 3802 /httpport-3803 


See also --httpuser, --httppassword, --httprefresh, and --httpssl. 
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45.14 --httprefresh 


Specifies the rate at which the MTA refreshes the status information in your Web browser. The 
default is 60 seconds. See Section 43.2, “Using the MTA Web Console,” on page 669. 


Linux MTA Windows MTA 
Syntax: --httprefresh seconds /httprefresh-seconds 
Example: --httprefresh 90 /httprefresh-120 


See also --httpuser, --httppassword, --httpport, and --httpssl. 


45.15 --httpssl 


Enables secure SSL communication between the MTA and the MTA Web console displayed in your 
Web browser. See Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” on 
page 643. 


Linux MTA Windows MTA 


Syntax: --httpssl /httpssl 


See also --certfile, --keyfile, and --keypassword. 


45.16 --httpuser 


Specifies the user name for the MTA to prompt for before allowing MTA status information to be 
displayed in your Web browser. Providing a user name is optional. Do not use an existing eDirectory 
user name because the information passes over the non-secure connection between your Web 
browser and the MTA. See Section 43.2, “Using the MTA Web Console,” on page 669. 


Linux MTA Windows MTA 
Syntax: --httpuser unique_name /httpuser-unique_name 
Example: --httpuser GWWebCon /httpuser-GWWebCon 


See also --httppassword, --httpport, and --httprefresh. 
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45.17 -ip 


Binds the MTA to a specific IP address when the server where it runs uses multiple IP addresses. The 
specified IP address is associated with both ports used by the MTA (message transfer and HTTP) 
Without the --ip switch, the MTA binds to all available IP addresses. See Section 42.1.5, “Binding the 
MTA to a Specific IP Address,” on page 639. 


Linux MTA Windows MTA 
Syntax: --ip IP. address lip-IP. address 

--ip “full DNS. name” /ip-”full_ DNS name” 
Example: --ip 172.16.5.18 lip-172.16.5.18 

--ip “mtasvr.provo.novell.com” lip-"mtasvr.provo.novell.com” 


45.18 --keyfile 


Specifies the full path to the private file used to provide secure SSL communication between the MTA 
and other programs. See Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” on 


page 643. 
Linux MTA Windows MTA 
Syntax: --keyfile /dir/file /keyfile-[drive:]\dir\file 
/keyfile-\svr\sharename\din\file 
Example: --kevyfile /ssl/gw.key /keyfile-\ssl\gw.key 


/keyfile-m:\ssl\gw.key 
/keyfile-\\server2\c\ssl\gw.key 


See also --certfile and --keypassword. 


45.19 --keypassword 


700 


Specifies the password used to encrypt the private SSL key file when it was created. See 
Section 42.2.2, “Securing the Domain with SSL Connections to the MTA,” on page 643. 


Linux MTA Windows MTA 
Syntax: --keypassword password Ikeypassword-password 
Example: --keypassword gwssl /keypassword-gwssl 


See also --certfile and --keyfile. 
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45.20 


45.21 


--language 


Specifies the language to run the MTA in, using a two-letter language code as listed below. You must 
install the MTA in the selected language in order for the MTA to display in the selected language. 


The initial default is the language used in the domain. If that language has not been installed, the next 
default is the language used by the operating system. If that language has not been installed, the final 
default is English. You only need to use this switch if you need to override these defaults. 


Linux MTA Windows MTA 
Syntax: --language code /language-code 
Example: --language de Ilanguage-fr 


Contact your local Novell sales office for information about language availability. 


See Chapter 7, “Multilingual GroupWise Systems,” on page 123 fora list of language codes. 


--log 


Specifies the directory where the MTA will store its log files. The default location varies by platform. 


Linux: /var/log/novell/groupwise/domain name.mta 


Windows: mslocal subdirectory in the directory specified by the --work switch 
For more information, see Section 43.3, “Using MTA Log Files,” on page 677. 


Linux MTA Windows MTA 


Syntax: --log /dir /log-[drive:]\dir 
Nlog-\\svr\sharename\dir 


Example: --log /gwsystem/logs /log-\agt\log 
/log-m:\agt\log 
/log-\\server2\c\mail\agt\log 


You typically find multiple log files in the specified directory. The first four characters represent the 
date. The next three characters identify the agent. A three-digit extension allows for multiple log files 
created on the same day. For example, a log file named 0518mta. 001 indicates that it is an MTA log 
file, created on May 18. If you restarted the MTA on the same day, a new log file is started, named 
0518mta.002. 


See also --loglevel, --logdiskoff, --logdays, and --logmax. 
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45.22 


45.23 


45.24 


--logdays 


Sets the number of days you want MTA log files to remain on disk before being automatically 
deleted. The default log file age is 30 days. See Section 43.3, “Using MTA Log Files,” on page 677. 


Linux MTA Windows MTA 
Syntax: --logdays days /logdays-days 
Example: --logdays 45 /logdays-60 


See also --log, --loglevel, --logdiskoff, and --logmax. 


--logdiskoff 


Turns off disk logging for the MTA so no information about the functioning of the MTA is stored on 
disk. The default is for logging to be turned on. See Section 43.3, “Using MTA Log Files,” on page 677. 


Linux MTA Windows MTA 


Syntax: --logdiskoff /logdiskoff 


See also --loglevel. 


--loglevel 


Controls the amount of information logged by the MTA. Logged information is displayed in the log 
message box and written to the MTA log file during the current agent session. The default is Normal, 
which displays only the essential information suitable for a smoothly running MTA. Use Verbose to 
display the essential information, plus additional information helpful for troubleshooting. Verbose 
logging does not degrade MTA performance, but log files saved to disk consume more disk space 
when verbose logging is in use. See Section 43.3, “Using MTA Log Files,” on page 677. 


Linux MTA Windows MTA 
Syntax: --loglevel level /loglevel-level 
Example: --loglevel verbose /loglevel-verbose 


See also --log, --logdiskoff, --logdays, and --logmax. 
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45.25 


45.26 


45.27 


45.28 


--logmax 


Sets the maximum amount of disk space for all MTA log files. When the specified disk space is 
consumed, the MTA deletes existing log files, starting with the oldest. The default is 102400 KB (100 
MB) of disk space for all MTA log files. The maximum allowable setting is 102400000 (1 GB). Specify 0 
(zero) for unlimited disk space. See Section 43.3, “Using MTA Log Files,” on page 677. 


Linux MTA Windows MTA 
Syntax: --logmax kilobytes /logmax-kilobytes 
Example: --logmax 130000 /logmax-160000 


See also --log, --loglevel, --logdiskoff, and --logdays. 


--maxidlerouters 


Specifies the maximum number of idle router threads the MTA can keep running. The default is 16; 
valid values range from 1 to 16. See Section 44.3, “Optimizing the Routing Oueue,” on page 689. 


Linux MTA Windows MTA 
Syntax: --maxidlerouters threads /maxidlerouters-threads 
Example: --maxidlerouters 10 /maxidlerouters-12 


See also --maxrouters. 


--maxrouters 


Specifies the maximum number of router threads the MTA can start. The default is 16; valid values 
range from 1 to 16. See Section 44.3, “Optimizing the Routing Queue,” on page 689. 


Linux MTA Windows MTA 
Syntax: --maxrouters threads /maxrouters-threads 
Example:  --maxrouters 12 /maxrouters-14 


See also --maxidlerouters. 


--messagelogdays 


Sets the number of days you want MTA message log files to remain on disk before being 
automatically deleted. The default is 30 days. See Section 42.4.2, “Enabling MTA Message Logging,” 
on page 657. 


Linux MTA Windows MTA 


Syntax: --messagelogdays days /messagelogdays-days 
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Linux MTA Windows MTA 


Example: --messagelogdays 45 /messagelogdays-60 


See also --messagelogsettings, --messagelogpath, and --messagelogmaxsize. 


45.29 --messagelogmaxsize 


Sets the maximum size for MTA message log files. The default is 102400 KB (100 MB). The maximum 
allowable setting is 102400000 (1 GB). See Section 42.4.2, “Enabling MTA Message Logging,” on 


page 657. 

Linux MTA Windows MTA 
Syntax: --messagelogmaxsize kilobytes /messagelogmaxsize-kilobytes 
Example: --messagelogmaxsize 130000 /messagelogmaxsize-160000 


See also --messagelogsettings, --messagelogpath, and --messagelogdays. 


45.30 --messagelogpath 


Specifies the directory for the MTA message log. The default location is mlocal\msglog. See 
Section 42.4.2, “Enabling MTA Message Logging,” on page 657. 


Linux MTA Windows MTA 


Syntax: --messagelogpath /dir /messagelogpath-[drive:]\dir 
/messagelogpath-\\svr\sharename\dir 


Example: --messagelogpath /gwsys/logs /messagelogpath-\mta\log 
/messagelogpath-m:\mta\log 
/messagelogpath-\\svr2\c\mail\mta\log 


See also --messagelogsettings, --messagelogdays, and --messagelogmaxsize. 


45.31 --messagelogsettings 


Enables MTA message logging. See Section 42.4.2, “Enabling MTA Message Logging,” on page 657. 


Linux MTA Windows MTA 
Syntax: --messagelogsettings codes /messagelogsettings-codes 
Example: --messagelogsettings e /messagelogsettings-e 


See also --messagelogpath, --messagelogdays, and --messagelogmaxsize. 
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45.32 --msgtranssl 


Enables secure SSL communication between the MTA and the POAs in its domain. See Section 42.2.2, 
“Securing the Domain with SSL Connections to the MTA,” on page 643. 


Linux MTA Windows MTA 


Syntax: --msgtranssl /msgtranssl 


See also --certfile, --keyfile, and --keypassword. 


45.33 --noada 


Disables the MTA admin thread. For an explanation of the MTA admin thread, see “MTA Admin 
Thread Status Box” on page 662. 


Linux MTA Windows MTA 


Syntax: --noada /noada 


Historical Note: In GroupWise 5.2 and earlier, a separate agent, the Administration Agent (ADA), 
handled the functions now consolidated into the MTA admin thread. Hence the switch name, 
--noada. 


45.34 --nodns 


Disables DNS lookups for the MTA. See “Using Dynamic Internet Links” in “Connecting to Other 
GroupWise Systems” in the GroupWise 2012 Multi-System Administration Guide. 


Linux MTA Windows MTA 


Syntax: --nodns /nodns 


45.35 --noerrormail 


Prevents error files from being sent to the GroupWise administrator. The default is for error mail to 
be sent to the administrator. See Section 43.7, “Notifying the Domain Administrator,” on page 682. 


Linux MTA Windows MTA 


Syntax: --noerrormail /noerrormail 
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45.36 


45.37 


45.38 


45.39 


--hondssync 


Disables eDirectory user synchronization. See Section 42.4.1, “Using eDirectory User 
Synchronization,” on page 652. 


Linux MTA Windows MTA 


Syntax: --nondssync N/A 


--norecover 


Disables automatic database recovery. The default is for automatic database recovery to be turned on. 
If the MTA detects a problem with the domain database (wpdomain.db) when automatic database 
recovery has been turned off, the MTA notifies the administrator, but it does not recover the problem 
database. See Chapter 26, “Maintaining Domain and Post Office Databases,” on page 401. 

Linux MTA Windows MTA 


Syntax: --norecover /norecover 


--nosnmp 


Disables SNMP for the MTA. The default is to have SNMP enabled. See Section 43.6, “Using an 
SNMP Management Console,” on page 679. 
Linux MTA Windows MTA 


Syntax: --nosnmp /nosnmp 


--Show 


Starts the Linux MTA with a server console interface similar to that provided for the Windows MTAs. 
This user interface requires that the X Window System and Open Motif are running on the Linux 
server. 


Linux MTA Windows MTA 


Syntax: --show N/A 


The --show switch cannot be used in the MTA startup file. However, if you want the MTA to start 
with a user interface when you run the grpwise script or when the server reboots, you can configure 
the GroupWise High Availability service (gwha) to accomplish this, as described in “Configuring the 
GroupWise High Availability Service in the gwha.conf File” in “Installing GroupWise Agents” in the 
GroupWise 2012 Installation Guide. 
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45.40 


45.41 


45.42 


45.43 


--tcpinbound 


Sets the maximum number of inbound TCP/IP connections for the MTA from POAs and GWIAs 
belonging to the domain and from MTAs and GWIAs in other domains in your GroupWise system. 
The default is 40. There is no maximum number of outbound connections. The only limit on the MTA 
for outbound connections is available resources. See Section 44.1.1, “Adjusting the Number of MTA 
TCP/IP Connections,” on page 685. 


Linux MTA Windows MTA 
Syntax: --tcpinbound number /tcpinbound-number 
Example: --tcpinbound 60 /tcpinbound-70 


--tcpport 


Sets the TCP port number on which the MTA listens for incoming messages from other MTAs, POAs, 
and GWIAs. The default is 7100. See “Using TCP/IP Links between Domains” on page 632. 


Linux MTA Windows MTA 
Syntax: --tcpport port number Itcpport-port number 
Example: --tcpport 7200 /tcpport-7200 


--tcpwaitconnect 


Sets the maximum number of seconds the MTA waits for a connection to another MTA. The default is 
5. See Section 44.1.2, “Adjusting the MTA Wait Intervals for Slow TCP/IP Connections,” on page 686. 


Linux MTA Windows MTA 
Syntax: --tcpwaitconnect seconds /tcpwaitconnect-seconds 
Example: --tcpwaitconnect 10 /tcpwaitconnect-10 


See also --tcpwaitdata. 


--tcpwaitdata 


Sets the maximum number of seconds the MTA attempts to send data over a TCP/IP connection to 
another MTA. The default is 20. See Section 44.1.2, “Adjusting the MTA Wait Intervals for Slow TCP/ 
IP Connections,” on page 686. 


Linux MTA Windows MTA 
Syntax: --tcpwaitdata seconds /tcpwaitdata-seconds 
Example: --tcpwaitdata 30 /tcpwaitdata-30 


See also --tcpwaitconnect. 
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45.44 


45.45 


--vsnoadm 


Prevents GroupWise administration messages from being processed by an integrated virus scanner. 
Because administration messages are created within your GroupWise system, they are not likely to 
contain viruses. In a Group Wise system with a large amount of administrative activity (adding users, 
deleting users, etc.), skipping the virus scanning of administrative messages can speed up processing 
of users” email messages. 


Linux MTA Windows MTA 


Syntax: --vsnoadm /vsnoadm 


--work 


Specifies the directory where the MTA creates its local working directory (mslocal). The default is 
the domain directory. However, if the domain is located on a different server from where the MTA 
will run, use a local directory so the MTA cannot lose its connection to its mslocal directory. 


Linux MTA Windows MTA 


Syntax: --work /dir /work-[drive:]\dir 
/work-\\svr\sharename\dir 


Example: --work /gwmta /work-\gwmta 
/work-m:\gwmta 
/work-\\server2\c\mail\gwmta 
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Document Viewer Agent 


+ Chapter 46, “Understanding Document Conversion,” on page 711 

+ Chapter 47, “Scaling Your DVA Installation,” on page 713 

+ Chapter 48, “Configuring the DVA,” on page 719 

* Chapter 49, “Monitoring the DVA,” on page 725 

* Chapter 50, “Optimizing the DVA,” on page 729 

+ Chapter 51, “Using Document Viewer Agent Startup Switches,” on page 731 


For port number information, see Section A.5, “Document Viewer Agent Port Numbers,” on 
page 1170. 


For detailed Linux-specific DVA information, see Appendix C, “Linux Commands, Directories, and 
Files for GroupWise Administration,” on page 1179. 


For additional assistance in managing the DVA, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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Understanding Document Conversion 


The document files that users attach to email messages are as varied as the combinations of 
document formats, tools, and users throughout the world. The Document Viewer Agent (DVA), 
which is automatically installed along with the POA and the MTA, accommodates multiple 
attachment formats by converting GroupWise attachments into HTML format. For a list of the file 
types that the DVA can convert, see Oracle Outside In Technology Supported Formats (http:// 
www.oracle.com/technetwork/middleware/content-management/ds-oitfiles-133032.pdf). 


Two GroupWise components rely on document conversion for their functionality: 


+ GroupWise WebAccess: When GroupWise users access their mailboxes through GroupWise 
WebAccess, they expect to view attached documents in their Web browser, regardless of the file 
format of the attached file. For WebAccess users, the DVA converts attached document files into 
HTML so that the attachments can be viewed along with the email messages or other 
GroupWise items to which the documents are attached. 


+ Post Office Agent: When GroupWise users access their mailboxes in any manner and use the 
Find feature to search for text, they expect to locate the text in attached documents as well as in 
email messages and other GroupWise items. For all GroupWise users, the DVA converts 
attached document files into HTML, so that attachments can be indexed by the POA. 


IMPORTANT: By default, the POA uses the Document Converter Agent (DCA) to convert 
documents into HTML format for indexing. The DCA is an internal POA process and is not as 
scalable as the DVA. You must manually configure the POA to use the DVA instead of the 
default DCA, as described in Section 39.3, “Enabling the Document Viewer Agent (DVA) for 
Indexing,” on page 576. 


The DVA can simultaneously convert multiple document files into HTML format. 


Because some document files contain unexpected data, they cannot be successfully converted into 
HTML format for viewing in GroupWise WebAccess and for indexing by the POA. The DVA isolates 
the document conversion task from other GroupWise activities. If the DVA encounters a problem 
converting a particular document file, the problem does not affect conversion of other document files, 
nor does it affect the user experience in GroupWise, except that the problem document cannot be 
viewed in WebAccess and cannot be located using the Find feature. 
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47.1 


47.1.1 


Scaling Your DVA Installation 


If your GroupWise system is relatively small (one domain and a few post offices), a basic installation 


of one DVA along with each POA might meet your needs. However, if your GroupWise system is 


large or reguires failover support, you can scale your DVA installation to better meet the reliability, 


performance, and availability needs of your GroupWise users. 


+ Section 47.1, “DVA Configurations,” on page 713 
+ Section 47.2, “DVA Installation on Additional Servers,” on page 715 


DVA Configurations 


Depending on the needs of your GroupWise system, it might be necessary for you to have multiple 


DVAs running to service WebAccess Applications and POAs. 


+ Section 47.1.1, “Basic DVA Installation,” on page 713 

+ Section 47.1.2, “Multiple DVAs for WebAccess,” on page 714 
+ Section 47.1.3, “Multiple DVAs for a Post Office,” on page 714 
+ Section 47.1.4, “Multiple Shared DVAs,” on page 715 


Basic DVA Installation 


By default, the DVA is installed along with each POA that you install and is configured to 
communicate with that specific POA. 


When you install WebAccess on a Web server, you configure the WebAccess Application to 
communicate with one DVA. 


ER 


5 WebAccess 
i Web ji ® Application 


Server 
Post Office 
Agent a 


Document 
Viewer = 
Agent S 
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47.1.2 


47.1.3 


Depending on the needs for attachment viewing in GroupWise WebAccess and for attachment 
indexing for all users, it might be necessary for you to add additional DVAs to your system. Although 
the DVA software is installed along with the POA and MTA software, you can install the agent 
software on any server and run the DVA without running the other agents on that server. For 
instructions, see Section 47.2, “DVA Installation on Additional Servers,” on page 715. 


Multiple DVAs for WebAccess 


If GroupWise WebAccess users display a large number of attached documents, you can install and 
configure multiple DVA to service the WebAccess Application so that attached documents can be 
displayed more promptly. 


WebAccess 
Application 
Web a ti 
Server äi gy i 
= = Document 
Viewer 
7 = Agents 
Document 5 
Viewer S 
Agent E 


For more information about this configuration, see Section 62.1.3, “Configuring Multiple DVAs for 
the WebAccess Application,” on page 905. 


Multiple DVAs for a Post Office 


One DVA might provide sufficient indexing performance for the POA, but you might want to protect 
against downtime that would occur if the DVA became unavailable because of server failure or some 
other reason. Installing more than one DVA enables you to set up failover support to make document 
conversion and indexing more reliable. 


If you have a post office with a heavy load of attachment indexing, you can install and configure 
multiple DVAs to service the POA for that post office. 


Post Office = Document 
Agent 9 Viewer 


Agents 


NL 


Document 
Viewer = 
Agent à 


For more information about this configuration, see Section 39.3, “Enabling the Document Viewer 
Agent (DVA) for Indexing,” on page 576. 
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47.1.4 


47.2 


47.2.1 


Multiple Shared DVAs 


When you install multiple DVAs, they can be accessed by both WebAccess Applications and POAs if 
that works well for your GroupWise system configuration. 


WebAccess 
Application 


Web äi i” i ü à 
Server d 
Document = Post Office 
ER Viewer EB — Agent 


| Agents A 


Document Document 
Viewer Viewer 
Agent > “J Agent 


DVA Installation on Additional Servers 


The following sections assume that you are already running the DVA that was installed along with 
the POA for a post office, and that you want to install additional DVAs to run independently on other 
servers for use by the WebAccess Application and /or the POA. When the WebAccess Application 
needs additional DVAs, you might want to install one on the Web server itself. 


IMPORTANT: Make sure that the servers where you install the DVA meet the system reguirements 
listed in “Agent System Reguirements”. 


+ Section 47.2.1, “Linux: Installing Additional DVAs,” on page 715 
+ Section 47.2.2, “Windows: Installing Additional DVAs,” on page 716 


Linux: Installing Additional DVAs 


1 Ina terminal window on the server where you want to install the DVA, log in as root, then 
provide the root password. 


2 Changetothe root directory of the downloaded GroupWise 2012 software image. 
Or 


If you have already copied the agent software to a software distribution directory, change to / 
opt/novell/groupwise/software. 


3 Run ./install. 


4 Selectthe language in which you want to run the GroupWise Installation program, then click 
OK. 


5 On the main GroupWise System Installation page, click Install Products > Group Wise Agents > 
Install Agents to install the GroupWise agent software, including the DVA 


6 When the installation is complete, click OK. 
The GroupWise agent software, including the DVA, is installed to the following directory: 


/opt/novell/groupwise/agents 


7 Click Configure GroupWise Agents, then click Next. 
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8 Acceptthe License Agreement, then click Next. 
9 On the Domains/Post Offices page, click Next. 


By not specifying any domains or post offices, you keep the MTA and the POA from being 
configured to run on this server. 


Document Viewer Agent 


Yes 


10 In the Document Viewer Agent dialog box, click Yes to configure the DVA for high availability. 


For more information, see “Enabling the GroupWise High Availability Service for the Linux 
GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 2012 Installation Guide. 


or 
Click No if you do not want to configure the DVA for high availability. 


11 (Conditional) If you do not want the DVA to start automatically when the server restarts, 
deselect Launch GroupWise Agents on System Startup. 


12 Click Exit to exit the GroupWise Agent Installation program. 
13 Exit the GroupWise Installation program. 


14 Use the following commands to manually manage the DVA on the Linux server: 


rcgrpwise start gwdva 
rcgrpwise stop gwdva 

rcgrpwise status gwdva 
rcgrpwise print gwdva 


or 
Use the following command to start the Linux DVA: 
/opt/novell/groupwise/agents/bin/gwdva @gwdva.dva 


When you use this command to start the DVA, you must use the kill command to stop it, as 
described in Stopping the Linux GroupWise Agents as Daemons in “Installing GroupWise 
Agents” in the GroupWise 2012 Installation Guide. 


NOTE: Currently, the DVA must run as root. It cannot be configured to run as a non-root user 
as the other GroupWise agents can. 


15 To configure the DVA, see Chapter 48, “Configuring the DVA,” on page 719. 
16 To monitor the DVA, see Chapter 49, “Monitoring the DVA,” on page 725. 
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1 Change to the root directory of the downloaded GroupWise 2012 software image. 
or 


(Conditional) If you have already copied the agent software to a software distribution directory, 
change to that location 


2 Run setup.exe. 


3 (Conditional) If prompted, select the interface language for the Installation program, then click 
OK. 
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On the main GroupWise System Installation page, click Install Group Wise System, then click Yes to 
accept the License Agreement and display the Installation Type page. 


When you install the agents, you are performing a Standard installation. 


5 Click Next to accept the default of Standard. 


6 Select Install Individual Components, deselect GroupWise Administration, then click Next. 


7 Onthe Installation Path page, select Install the software files, but do not configure the agents, then 


10 


12 


click Next. 


When you install the DVA along with the MTA and the POA, the agents are installed as 
Windows services by default. When you install the DVA independently, you must select Install 
the software files, but do not configure the agents in order to skip the Domains/Post Offices page 
where the MTA and POA are configured. This deselects Install as Windows services, so when you 
install the DVA independently, you must install it as a Windows application. 


On the Summary and Modification page, click Install. 
The GroupWise agents are installed to the following directory: 


c:\Program Files\Novell\GroupWise Server\Agents 


Because you did not configure the MTA and the POA, they do not run on the server, even 
though the agent software was installed. 


Click Finish to exit the Agent Installation program. 
Click the Windows Start menu > All Programs > Novell GroupWise Agents > GWDVA. 
The DVA server console opens on the Windows desktop. 


To monitor the DVA in your Web browser, see Section 49.2, “Using the DVA Web Console,” on 
page 725. 


To configure the DVA, see Chapter 48, “Configuring the DVA,” on page 719. 
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48.1 


48.2 


48.2.1 


Configuring the DVA 


The DVA is automatically installed along with the POA and the MTA. The default configuration of 
the DVA is sufficient to provide basic document conversion functionality. The DVA is configured by 
editing its startup file (gwdva . dva). 


+ Section 48.1, “Editing the gwdva.dva File,” on page 719 

+ Section 48.2, “Performing Basic DVA Configuration,” on page 719 

+ Section 48.3, “Enabling the DVA Document Ouarantine,” on page 722 

+ Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722 


Editing the gwdva.dva File 


The location of the gwdva . dva file varies by platform: 


Linux: /opt/novell/groupwise/agents/share 


Windows: c:\Program Files\Novell\GroupWise Server\Agents 


You can use any ASCII text editor that you prefer to edit the gwdva. dva file. 


IMPORTANT: When you update the DVA software, a new gwdva . dva file is installed. The existing 
gwdva . dva file is retained as gwdva . nnn, where nnn increments each time you update the DVA 
software. 


Performing Basic DVA Configuration 


+ Section 48.2.1, “Setting the DVA Home Directory,” on page 719 
+ Section 48.2.2, “Changing the DVA IP Address or Port Number,” on page 720 


+ Section 48.2.3, “Securing Document Conversion with SSL Connections,” on page 721 


Setting the DVA Home Directory 


By default, the DVA creates its working directory named gwdva.dir under the directory where the 
DVA is installed. The location varies by platform: 


Linux: /opt /novell/groupwise/agents/bin/gwdva.dir 


Windows: c:\Program Files\Novell\GroupWise Server\Agents\gwdva.dir 
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48.2.2 


The DVA working directory has four subdirectories (log, quarantine, temp, and template). If this 
directory consumes more disk space than you want consumed in a software subdirectory, you can 
move it to a different location on the local server or to a location on a remote server. 

1 Open the gwdva. dva file in a text editor. 


2 Search to find the following switch: 


/home 


3 Remove the semicolon (;) to activate the setting. 


4 Specify the full path name for the DVA working directory., for example: 


Linux: /opt /novell/groupwise/gwdva 


Windows: c:\Program Files\Novell\GroupWise Server\gwdva 
m: \gwsystem\gwdva 
\\gwserver5\c\gwsystem\gwdva 


On Windows, if you are running the DVA as a Windows service rather than as an application, 
the format you use for the path name influences the Windows user account that the DVA service 
can run under. If you specify a home directory on the local server or on a mapped drive, the 
DVA service can run under the local system account. If you specify a home directory as a UNC 
path to a remote server, the DVA service must run as a Windows user that has rights to access 
the remote home directory. 


IMPORTANT: For simplicity of DVA administration, running the DVA as the Windows 
Administrator user is highly recommended. 


(Optional) Use the --log, --temp, and --template switches to move these subdirectories out from 
under the DVA working directory. The quarantine directory cannot be moved. 


6 Save the gwdva.dva file. 
7 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 


Changing the DVA IP Address or Port Number 


The DVA communicates with the other programs (the WebAccess Application, the POA, and the 
DVA Web console) by way of HTTP. By default, the DVA uses the first IP address it finds on the 
server and listens on port 8301. 


1 Open the gwdva. dva file in a text editor. 
2 Change the IP address: 


2a Search to find the following switch: 
/ip 
2b Remove the semicolon (;) to activate the setting. 


2c Specify the IP address that you want the DVA to use. 


3 Change the port number: 


ga Search to find the following switch: 


/httpport 


3b Remove the semicolon (;) to activate the setting. 
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3c Specify the port number that you want the DVA to use. 


Worker threads are assigned port numbers ascending above the main port number. For 
example, if you decide to use a main port number of 8500, the 5 default worker threads 
would be assigned ports 8501 through 8505. You must make sure that none of these 
incremental port numbers are already in use onthe server, up to the largest possible 
number of DVA threads that could be started. For more information, see Section 50.1, 
“Controlling Thread Usage,” on page 729. 


4 Save the gwdva.dva file. 
5 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 


For information about how the DVA interacts with other programs, see: 
+ “Configuring Multiple DVAs for the WebAccess Application” on page 905 


+ “Enabling the Document Viewer Agent (DVA) for Indexing” on page 576 
+ “Configuring the DVA Web Console” on page 726 


48.2.3 Securing Document Conversion with SSL Connections 


Secure Sockets Layer (SSL) ensures secure communication between the DVA and other programs 
(WebAccess Application, POA, and DVA Web console) by encrypting the complete communication 
flow between the programs. By default, SSL is not enabled for the DVA. 


For background information about using SSL with GroupWise agents, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. The server where the DVA is installed must have a 
public certificate file and private key file before you can enable SSL for the DVA. 


NOTE: When you enable SSL for the DVA, any POAs that it communicates with must also be 
enabled for SSL. 


1 Open the gwdva. dva file in a text editor. 
2 Search to find the following switch: 


/httpss1 
3 Remove the semicolon (;) to activate the setting. 
4 For subsequent switches: 
4a Specify the full path name to the SSL public certificate file. 
The DVA requires that the certificate file be in PEM format. 
4b Specify the full path name to the SSL private key file. 
4c Specify the password for the private key file. 
5 Save the gwdva.dva file. 
6 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 
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48.3 Enabling the DVA Document Quarantine 


You can configure the DVA to guarantine document files that cannot be converted to HTML format 
for viewing in Group Wise WebAccess, so that they can be examined manually if necessary. You can 
control the maximum amount of disk space that the document guarantine is allowed to occupy. You 
can also control the maximum amount of time that document files remain in the guarantine. 

1 Open the gwdva. dva file in a text editor. 


2 Searchto find the following switch: 


/quarantine 


3 Remove the semicolon (;) to activate the setting. 


With the quarantine activated, document files that fail HTML conversion are placed in the 
quarantine subdirectory of the DVA working directory (gwdva .dir). 


4 (Optional) As needed, increase or decrease the number of days that document files are held in 
guarantine. 


The default is 7 days. 


5 (Optional) As needed, increase or decrease the amount of disk space that the guarantine is 
allowed to consume. 


The default is 100 MB. Ouarantined document files that exceed the maximum time limit are 
removed even if the maximum guarantine size has not been exceeded. 


6 (Conditional) When you are finished examining the guarantined document files, set the 
maximum guarantine size to 0 (zero). 


This disables the guarantine and deletes all the guarantined document files. 


IMPORTANT: Ouarantined document files are not encrypted, so you should disable the 
guarantine as soon as you are finished examining the guarantined files. 


7 Save the gwdva .dva file. 
8 Continue with Putting DVA Configuration Changes into Effect. 


NOTE: If files passed to the DVA from the POA for HTML conversion in preparation for indexing fail 
in HTML conversion by the DVA, they are placed in the post office/oftemp/gwdca/problem 
directory, as if they had been processed by the DCA rather than the DVA. For more information 
about the DCA, see Section 39.2, “Configuring the Document Converter Agent (DCA),” on page 575. 


48.4 Putting DVA Configuration Changes into Effect 


After you edit the gwdva . dva file, stop and then start the DVA to put the changes into effect. 


+ Section 48.4.1, “Linux: Stopping and Starting the DVA,” on page 722 
+ Section 48.4.2, “Windows: Stopping and Starting the DVA,” on page 723 


48.4.1 Linux: Stopping and Starting the DVA 


On Linux, use the following commands to stop and start the Linux DVA: 


rcgrpwise stop gwdva 
rcgrpwise start gwdva 
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48.4.2 Windows: Stopping and Starting the DVA 


On Windows, stop and start the DVA as you would any other Windows GroupWise agent, as 
described in the following sections of the GroupWise 2012 Installation Guide: 


+ “Starting the Windows GroupWise Agents” 
+ “Stopping the Windows GroupWise Agents” 
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Q Monitoring the DVA 


49.1 


49.2 


The DVA can be monitored at the server where it runs (Windows only) and also in your Web 


browser. You can also use log files to monitor the DVA. 


+ Section 49.1, “Using the DVA Server Console (Windows Only),” on page 725 
+ Section 49.2, “Using the DVA Web Console,” on page 725 


+ Section 49.3, “Using DVA Log Files,” on page 727 


Using the DVA Server Console (Windows Only) 


The DVA server console displays messages about DVA functioning. 


17 200606 Document Viewer Agent Configuration Information 


General Settin 
Agent Versio 
Server Platfo 
File Quarantin 
Max Quarantine File Age (days): 7 
Max Quarantine File Disk Space <MB>: 188 


812.8.8<187/672011) 


Work Directory: C:\Program Files <x86JNNovel1l1NGroupllise Server\fg 


.dir\temp 
1? 


\Program Files ¢x86>\Novell\GroupWise Server\fAgents\g 


Max Log File Age (days): 30 
Max Log Disk Space <KB>: 102488 


r Settings: 
: 172.15.5.18 
for Incoming Connection 
WebConsole Url: http://172.15.5.18: 
Initializing worker processes 


Performance Settings: 
Proc ing Threa 5 (Default) 
: GWDVA-HttpListener inning 
: GWDVA-HttpHandler-1 running 
=: GWDVA-HttpHandler-2 running 
: GUDUA-HttpHandler-3 is running 
=: GUDUA-HttpHandler-4 is running 
p: GWDUA-HttpHandler-5 is running 
1 <2908> running 
p: 2 <244) running 
6 Worker 3 (3504) running 
Worker 4 €3628> running 


These messages are also written to the DVA log file, described in Section 49.3, “Using DVA Log 


Files,” on page 727. 


Using the DVA Web Console 


NT 6.1 Build 7661 Service Pack 1 


lol xi 


The DVA Web console enables you to monitor the DVA from any location where you have access to a 


Web browser and the Internet. 


+ “Configuring the DVA Web Console” on page 726 


+ “Viewing the DVA Web Console” on page 726 
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49.2.1 Configuring the DVA Web Console 


1 Open the gwdva. dva file in a text editor. 
2 To specify the user name for logging into the DVA Web console: 
2a Search to find the following line: 
httpuser 
2b Remove the semicolon (;) to activate the setting. 
2c Specify a unique user name. 
3 To specify the password for logging into the DVA Web console: 


ga Search to find the following line: 
httppassword 

3b Remove the semicolon (;) to activate the setting. 

3c Specify the password for the Web console user. 


Unless you are using an SSL connection, do not use a Novell eDirectory user name and 
password because the information passes over the non-secure connection between your 
Web browser and the DVA. 


4 (Conditional) If the default DVA HTTP port of 8301 is already in use on the server: 
4a Search to find the following line: 
httpport 
4b Remove the semicolon (;) to activate the setting. 
4c Specify a unique port number. 
5 Save the gwdva.dva file. 
6 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 


49.2.2 Viewing the DVA Web Console 


1 Ina Web browser, enter the following URL: 
http://server_address:port_number 


Replace server_address with the DVA server IP address or DNS hostname, and replace 
port_number with 8301 or whatever port number you have specified in the DVA startup file. 
2 When prompted, enter the user name and password. 


The DVA Web console is displayed. 


GroupWise 2012 Document Viewer Agent 


Status | Configuration | Environment | Log Files | Quarantine Files | Help 
Up Time: 0 Days 5 Hours 27 Minutes 


Total Busy Peak 
Worker Processes 5 1 1 
Server Information 
Platform Name Linux Release 2.6.16.60-0.54.5-default 
High Availability Port 8400 


Request Statistics 
Total 


File Conversion Requests 0 
Conversion Success 

Conversion Failure 0 
Worker Abends 0 


Exceeded Time Limit 


o 
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Through the DVA Web console you can view the following information: 
+ Status: Displays how long the DVA has been up, the number of worker threads it has started, 
the current server utilization, and statistics about the files the worker threads have processed. 


+ Configuration: Displays the current settings of all the options that you can set in the DVA 
startup file (gwdva . dva). For more information, see Chapter 48, “Configuring the DVA,” on 
page 719. 


¢ Environment: Displays server information such as name, operating system date, memory, 
processor utilization, and loaded modules. 


+ Log Files: Lets you view the contents of the DVAS log files and the current log settings. For more 
information, see Section 49.3, “Using DVA Log Files,” on page 727. 


+ Quarantine Files: Indicates whether the document quarantine is enabled, and if so, what files 
have been quarantined. For more information, see Section 48.3, “Enabling the DVA Document 
Quarantine,” on page 722 


For detailed information about each field on the DVA Web console pages, click Help. 


You cannot use the Web console to change any of the DVAS settings. Changes must be made through 
the DVA startup file (gwdva .dva). 


49.3 Using DVA Log Files 


Error messages and other information about DVA functioning are written to log files as well as 
displaying on the DVA server console (Windows only). Log files can provide a wealth of information 
for resolving problems with DVA functioning. Logging is enabled by default. 


+ Section 49.3.1, “Locating DVA Log Files,” on page 727 

+ Section 49.3.2, “Configuring DVA Log Settings,” on page 727 

+ Section 49.3.3, “Viewing DVA Log Files,” on page 728 

+ Section 49.3.4, “Interpreting DVA Log File Information,” on page 728 


49.3.1 Locating DVA Log Files 


The default location of the DVA log files varies by platform: 


Linux: /var/log/novell/groupwise/gwdva 
Windows: c:\Program Files\Novell\GroupWise Server\Agents\gwdva.dir\log 


You can change the location where the DVA creates its log files, as described in Configuring DVA Log 
Settings. 


49.3.2 Configuring DVA Log Settings 


1 Open the gwdva. dva file in a text editor. 

2 Search to find the Log Switches section. 

3 Adjust the following log settings as needed: 
--loglevel: There are three log levels: 


+ Normal (default) Displays warnings and errors. 
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49.3.3 


49.3.4 


+ Verbose: Displays the Normal log level information, plus information messages and user 
reguests. 
+ Diagnostic: Displays all possible information. Use Diagnostic only if you are 
troubleshooting a problem with the DVA. 
The Verbose and Diagnostic log levels do not degrade DVA performance, but log files 
consume more disk space when Verbose or Diagnostic logging is in use. 
--log: For the default location of DVA log files, see Section 49.3.1, “Locating DVA Log Files,” on 
page 727. Specify a different location for DVA log files as needed. 
--logdays: Specify the number of days you want to retain the log files. The DVA retains log files 
for the specified number of days unless the maximum disk space for the log files is exceeded. 
The default age is 30 days. 
--logmax: Specify the maximum amount of disk space you want to use for DVA log files. If the 
disk space limit is exceeded, the DVA deletes log files, beginning with the oldest file, until the 
limit is no longer exceeded. The default disk space is 102400 KB (100 MB). 
4 Save the gwdva.dva file. 


5 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 


Viewing DVA Log Files 


For the default location of the DVA log files, see Section 49.3.1, “Locating DVA Log Files,” on 
page 727 


When logging is turned on, the DVA creates a new log file each day and each time it is restarted. 
Therefore, you find multiple log files in the log file directory. The first four characters represent the 
date (mmdd). The next three characters identify the agent (dva). A three-digit extension allows for 
multiple log files created on the same day. For example, a log file named 0518dva. 001 indicates that 
it is a DVA log file created on May 18. 


For convenience, you can view DVA log files in the DVA Web console: 


GroupWise 2012 Document Viewer Agent 


Status | Configuration | Environment | Log Files | Ouarantine Files | Help 


Events Containing 


Event logs: E Selectall 
1107dva.001 11-17-11 13:04:21 0001978 a 
1128dva 001 11-28-11 19:19:29 0000842 


1117dva.001 12-05-11 13:55:34 0001968 
1205dva.001 12-05-11 19:45:46 0001972 
* 1205dva 002 12-05-11 19:46:00 0001852 >] 


View Events Cycle Log 


Interpreting DVA Log File Information 


On startup, the DVA records the DVA settings currently in effect. Thereafter, it logs events that take 
place, including errors. 


Because the DVA consists of multiple threads, you might find it useful to retrieve the log file into an 
editor and sort it on the thread ID that follows the date and time information. Sorting groups all 
messages together for the same DVA thread. You can also use the search capability of the DVA Web 
console to gather information about events that contain a specific string. 
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50.1 


Optimizing the DVA 


+ Section 50.1, “Controlling Thread Usage,” on page 729 


+ Section 50.2, “Controlling Maximum Document Conversion Size and Time Limits,” on page 730 


Controlling Thread Usage 


By default, the DVA starts 5 worker threads for converting attached document files into HTML 
format. It adds threads as demand for document file conversion increases. By default, the DVA can 
start a maximum of 20 worker threads. 

1 Open the gwdva. dva file in a text editor. 

2 To set the initial number of worker threads to start: 


2a Search to find the following switch: 


/httpthread 


2b Remove the semicolon (;) to activate the setting. 


2c Specify the maximum number of worker threads that you want to the DVA to start 
automatically. 


3 Tosetthe maximum number of worker threads: 


ga Search to find the following switch: 


/httpmaxthread 
3b Remove the semicolon (;) to activate the setting. 
3c Specify the maximum number of worker threads that the DVA is allowed to start. 


You can increase the maximum number of worker threads to allow the DVA to use more 
server resources, or you can decrease the maximum number of worker threads to cause the 
DVA to use fewer server resources. 


4 Save the gwdva.dva file. 
5 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 
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50.2 Controlling Maximum Document Conversion Size and Time 

Limits 
If the DVA starts converting a very large document file, it can take a very long time to complete the 
conversion into HTML format. The maximum size limit for document files processed by the DVA is 
initially set by the program that sends the document files to the DVA for conversion. For more 
information, see: 

+ WebAccess: Section 62.3.3, “Controlling Viewable Attachment Size,” on page 913 

* POA: Section 39.4, “Controlling Maximum Document Conversion Size and Time,” on page 577 
However, you can prevent the DVA from ever accepting document files over a specific size. You can 
also limit the amount of time a DVA worker thread spends converting a single document file. 

1 Open the gwdva. dva file in a text editor. 

2 To establish a maximum document file size: 


2a Search to find the following switch: 


/maxsize 
2b Remove the semicolon (;) to activate the setting. 


2c Specify the maximum size in kilobytes for document files that you want the DVA to accept 
for conversion. 


By default, the DVA accepts all files that are sent to it by the WebAccess Application and 
the POA. 


3 To change the maximum length of time the DVA processes a single document file: 


ga Search to find the following switch: 


/maxtime 


3b Remove the semicolon (;) to activate the setting. 


3c Specify the maximum number of seconds that you want the DVA to work at converting a 
single document file. 


The default is 300 seconds (5 minutes). Valid values range from 60 seconds (1 minute) to 
1200 seconds (20 minutes). 


4 Save the gwdva.dva file. 
5 Skip to Section 48.4, “Putting DVA Configuration Changes into Effect,” on page 722. 
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The DVA is configured by editing its startup file (gwdva . dva). The default location for the startup file 
varies by platform. 

Linux: /opt/novell/groupwise/agents/share 

Windows: c:\Program Files\Novell\GroupWise Server\Agents 


When you update the agent software, the existing DVA startup file can be retained or overwritten as 
needed. 


Linux: When you use both the Install and Configure options in the Agent Installation program, the 
existing DVA startup file is backed up and then overwritten. When you use only the Install option, 
the existing DVA startup file is retained. 


Windows: When you select Install the software files, but do not configure the agents in the Agent Installation 
program, the existing DVA startup file is retained. When you do not select this option, the existing 
DVA startup file is backed up and then overwritten. 


The table below summarizes DVA startup switches and how they correspond to configuration 
settings in ConsoleOne. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Linux DVA Windows DVA ConsoleOne Settings 
--home /home N/A 
--httpmaxthread /httpmaxthread N/A 
--httppassword /httppassword N/A 
--httpport /httpport N/A 
--httpssl /httpssl N/A 
--httpthread /httpthread N/A 
--httpuser Ihttpuser N/A 
--ip lip N/A 
--lang /lang N/A 
--log /log N/A 
--logdays /logdays N/A 
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Linux DVA Windows DVA ConsoleOne Settings 
--loglevel /loglevel N/A 
--logmax /logmax N/A 
--maxquarantineage /maxquarantineage N/A 
--maxquarantinesize /maxquarantinesize N/A 
--maxsize /maxsize N/A 
--maxtime /maxtime N/A 
--quarantine /quarantine N/A 
--ssicert /sslcert N/A 
--ssikey /sslkey N/A 
--sslkeypassword /sslkeypassword N/A 
--temp /temp N/A 
--template /template N/A 


51.1 --home 


Specifies the location for the DVA working directory. The default is gwdva.dir in the DVA 
installation directory. See Section 48.2.1, “Setting the DVA Home Directory,” on page 719. 


Linux DVA Windows DVA 
Syntax: --home /directory /home-[drive:]\dir 
/home-\\svr\sharename\dir 
Example: --home /opt/novell/groupwise/gwdva /home-\Program Files\Novel\GroupWise Server\gwdva 


/home-m:\temp/gwdva 
/home-\\server2\c\temp\gwdva 


If you specify a UNC path with the --home switch when you run the DVA as a Windows service, you 
must configure the DVA service to run under a specific Windows user account. If you specify a local 
directory or a mapped drive, you can configure the DVA service to run under the local system 
account. However, running under the Administrator account is highly recommended. 


51.2 --httpmaxthread 


Specifies the maximum number of worker threads that the DVA can start. By default, the DVA creates 
new worker threads as needed to handle the current document conversion load, and the default 
maximum is 20 threads. See Section 50.1, “Controlling Thread Usage,” on page 729 


Linux DVA Windows DVA 


Syntax: --httpmaxthread number /httpmaxthread-number 


Example: --httpmaxthread 7420 /httpmaxthread-7410 
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51.3 


51.4 


51.5 


See also --httpthread. 


--httpport 


Sets the HTTP port number used for the DVA to communicate with other programs (the WebAccess 
Application, the POA, and the DVA Web console). The default is 8301; the setting must be unique. See 
Section 48.2.2, “Changing the DVA IP Address or Port Number,” on page 720. 


Linux DVA Windows DVA 
Syntax: --httpport port_number /httpport-port_number 
Example: --httpport 8302 /httpport-8303 


See also --httppassword, and --httpuser. 


--httppassword 


Specifies the password for the DVA to prompt for before allowing DVA status information to be 
displayed in your Web browser in the DVA Web console. See “Configuring the DVA Web Console” 
on page 726. 


Linux DVA Windows DVA 
Syntax: --httppassword unique_password /httppassword-unique_password 
Example: --httppassword AgentWatch /httppassword-AgentWatch 


See also --httpport, and --httpuser. 


--httpssl 


Enables secure SSL connections between the DVA and other programs (the WebAccess Application, 
the POA, and your Web browser for the DVA Web console). See Section 48.2.3, “Securing Document 
Conversion with SSL Connections,” on page 721. 


Linux DVA Windows DVA 


Syntax: --httpssl /httpssl 


See also --sslcert, --sslkey, and --sslkeypassword. 
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51.6 --httpthread 


Sets the default number of worker threads that the DVA starts. The default is 5 threads. As the 
document conversion load increases, the DVA starts additional worker threads until the number set 
by the --httpmaxthread startup switch is reached. See Section 50.1, “Controlling Thread Usage,” on 


page 729. 

Linux DVA Windows DVA 
Syntax: --httpthread threads /httpthread threads 
Example: --httpthread 10 /httpthread 15 


See also --httpmaxthread. 


51.7 --httpuser 


Specifies the user name for the DVA to prompt for before allowing DVA status information to be 
displayed in a Web browser at the DVA Web console. See “Configuring the DVA Web Console” on 


page 726. 

Linux DVA Windows DVA 
Syntax: --httpuser unique_name /httpuser-unique_name 
Example: --httpuser DVAWebCon /httpuser-DVAWebCon 


See also --httpport and --httppassword. 


518 --ip 


Specifies the IP address that the DVA listens on for HTTP requests from other programs (the 
WebAccess Application, the POA, and the DVA Web console). The default is the first IP address that 
the DVA finds on the server. See Section 48.2.2, “Changing the DVA IP Address or Port Number,” on 


page 720. 

Linux DVA Windows DVA 
Syntax: --ip IP. address lip-IP. address 
Example: --ip 172.16.5.18 lip-172.16.5.18 


See also --httpport. 
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51.9 


51.10 


51.11 


--lang 


Specifies the ISO language code that the DVA should use if it cannot determine the language of a 
document that needs conversion. The default is en for English. 


Linux DVA Windows DVA 
Syntax: --lang /SO_ code llang-ISO code 
Example: --lang de /lang-es 


See Chapter 7, “Multilingual GroupWise Systems,” on page 123 for a list of GroupWise language 
codes. 


--log 
Sets the directory where the DVA stores its log files. For more information, see Section 49.3.2, 
“Configuring DVA Log Settings,” on page 727. 

Linux DVA Windows DVA 


Syntax: --log /dir llog-[drive:]\dir 
/log-\\svr\sharename\dir 


Example: --log /gwsystem/logs /log-\agt\log 
/log-m:\agt\log 
/log-\\server2\c\mail\agt\log 


See also --loglevel, --logdays, and --logmax. 


--logdays 


Specifies how many days to keep DVA log files on disk. The default is 30 days. See Section 49.3.2, 
“Configuring DVA Log Settings,” on page 727. 


Linux DVA Windows DVA 
Syntax: --logdays days /logdays-days 
Example: --logdays 10 /logdays-14 


See also --log, --loglevel, and --logmax. 
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51.12 --loglevel 


Controls the amount of information logged by the DVA. Valid settings are Normal, Verbose, 
Diagnostic, and Off. The default is Normal. For more information, see Section 49.3.2, “Configuring 
DVA Log Settings,” on page 727. 


Linux DVA Windows DVA 
Syntax: --loglevel level /loglevel-level 
Example: --loglevel verbose /loglevel-verbose 


See also --log, --logdays, and --logmax. 


51.13 --logmax 


Sets the maximum amount of disk space for all DVA log files. When the specified disk space is 
consumed, the DVA deletes existing log files, starting with the oldest. The default is 102400 KB (100 
MB). The maximum allowable setting is 102400000 (1 GB). See Section 49.3.2, “Configuring DVA Log 
Settings,” on page 727. 


Linux DVA Windows DVA 
Syntax: --logmax kilobytes /logmax-kilobytes 
Example: --logmax 130000 /logmax-1600 


See also --log, --logdays, and --logmax. 


51.14 --maxquarantineage 


Specifies the maximum number of days that document files that fail in HTML conversion are 
retained in the quarantine. By default, the guarantine is disabled. See Section 48.3, “Enabling the 
DVA Document Ouarantine,” on page 722 


Linux DVA Windows DVA 
Syntax: --maxguarantineage days /maxquarantineage-days 
Example: --maxquarantineage 15 /maxquarantineage-60 


See also --quarantine and --maxquarantinesize. 
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91.15 


51.16 


51.17 


--maxguarantinesize 


Specifies in megabytes the maximum amount of disk space that the document guarantine can occupy. 
The default is 100 MB. To clear out the contents of the guarantine, set --maxguarantinesize to 0 (zero); 
this also disables the guarantine in the future. See Section 48.3, “Enabling the DVA Document 
Ouarantine,” on page 722. 


Linux DVA Windows DVA 
Syntax: --maxguarantinesize megabytes /maxquarantinesize-megabytes 
Example: --maxquarantinesize 200 /maxquarantinesize-300 


See also --quarantine and --maxquarantineage. 


--maxsize 


Specifies in kilobytes the maximum size for document files that you want the DVA to accept for 
conversion. The default maximum size is 20480 (20 MB). See Section 50.2, “Controlling Maximum 
Document Conversion Size and Time Limits,” on page 730. 


Linux DVA Windows DVA 
Syntax: --maxsize kilobytes /maxsize-kilobytes 
Example: --maxsize 30240 /maxsize-10240 


The DVA receives files to convert from the WebAccess Application and the POA. The initial 
maximum size limit for document files processed by the DVA is set by the program that sends the 
document files. The sending programs should be configured to send document files within the 
maximum size allowed by the DVA. See: 


+ WebAccess: Section 62.3.3, “Controlling Viewable Attachment Size,” on page 913 


* POA: Section 39.4, “Controlling Maximum Document Conversion Size and Time,” on page 577 


--maxtime 


Specifies in seconds the maximum amount of time a DVA worker thread is allowed to work on a 
converting a single document file. The default is 300 seconds (5 minutes). Valid values range from 60 
seconds (1 minute) to 1200 seconds (20 minutes). See Section 50.2, “Controlling Maximum Document 
Conversion Size and Time Limits,” on page 730. 


Linux DVA Windows DVA 
Syntax: --maxtime seconds /maxtime-seconds 
Example: --maxtime 600 /maxtime-60 


When the DVA provides HTML conversion for the POA, the setting of the DVA --maxtime switch 
interacts with the setting of the POA --dcamaxtime switch, which sets the amount of time that the 
POA waits for a response from the DVA. 
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51.18 --quarantine 


Enables the document guarantine feature of the DVA, which is disabled by default. See Section 48.3, 
“Enabling the DVA Document Ouarantine,” on page 722 


Linux DVA Windows DVA 


Syntax: --guarantine /quarantine 


See also --maxquarantineage and --maxquarantinesize. 


NOTE: If files passed to the DVA from the POA for HTML conversion in preparation for indexing fail 
in HTML conversion by the DVA, they are placed in the post_office/oftemp/gwdca/problem 
directory, as if they had been processed by the DCA rather than the DVA. For more information 
about the DCA, see Section 39.2, “Configuring the Document Converter Agent (DCA),” on page 575. 


51.19 --ssicert 


For secure SSL connections between the DVA and other programs (the WebAccess Application, the 
POA, and your Web browser for the DVA Web console), specifies the full path name of the SSL 
certificate file. See Section 48.2.3, “Securing Document Conversion with SSL Connections,” on 


page 721. 
Linux DVA Windows DVA 
Syntax: --sslcert /directory/certificate_file Issicert-[drive:]\din\file 
Issicert-\svn\sharename\dinfile 
Example: --ssicert /certs/gw.crt /ssicert-\ssl\gw.crt 


/ssicert-m:\ssl\gw.crt 
/ssicert-\\server2\c\ssl\gw.crt 


See also --httpssl, --sslkey, and --sslkeypassword. 


51.20 --ssikey 


Specifies the full path to the private file used to provide secure SSL communication between the DVA 
and other programs (the WebAccess Application, the POA, and the DVA Web console). See 
Section 48.2.3, “Securing Document Conversion with SSL Connections,” on page 721. 


Linux DVA Windows DVA 


Syntax: --sslkey /dir/file /sslkey-[drive:]\dir\file 
/sslkey-\\svr\sharename\dir\file 


Example:  --sslkey /certs/gw.key /sslkey-\ssl\gw.key 
/sslkey-m:\ssl\gw.key 
/sslkey-\\server2\c\ssl\gw.key 


See also --httpssl, --sslcert, and --sslkeypassword. 
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51.21 


51.22 


51.23 


--ssikeypassword 


Specifies the password used to encrypt the private SSL key file when it was created. See 
Section 48.2.3, “Securing Document Conversion with SSL Connections,” on page 721. 


Linux DVA Windows PDV 
Syntax: --sslkeypassword password /sslkeypassword-password 
Example: --ssikeypassword gwssl /sslkeypassword-gwssl 


See also --httpssl, --sslcert, and --sslkeypassword. 


--temp 


Sets the path to the directory where the DVA creates its temporary files. The default location varies 
by platform. The default is a subdirectory of the DVA working directory (gwdva .dir). See 
Section 48.2.1, “Setting the DVA Home Directory,” on page 719 


Linux DVA Windows DVA 


Syntax: --temp /dir /temp-[drive:]\dir 
/temp-\\svrsharename\dir 


Example: --temp /gwsystem/temp /temp-\dva\temp 
/temp-m:\dva\temp 
/temp-\\server2\c\mail\dva\temp 


--template 


Specifies the full path to the directory for storing the HTML template files. Template files provide the 
basic HTML format into which document files of all formats are converted for display in your Web 
browser. The default is a subdirectory of the DVA home directory. See Section 48.2.1, “Setting the 
DVA Home Directory,” on page 719 


Linux DVA Windows DVA 


Syntax: --template /dir /template-[drive:]\dir 
Itemplate-\\svr\sharename\dir 


Example: --template /gwsystem/temp /template-\dva\template 
/template-m:\dva\template 
/template-\\server2\c\mail\dva\template 
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XI | Internet Agent 


* Chapter 52, “Configuring Internet Addressing,” on page 743 

* Chapter 53, “Configuring Internet Services,” on page 757 

* Chapter 54, “Managing Internet Access,” on page 787 

* Chapter 55, “Configuring the GWIA,” on page 809 

* Chapter 56, “Monitoring the GWIA,” on page 817 

* Chapter 57, “Optimizing the GWIA,” on page 839 

* Chapter 58, “Connecting GroupWise Systems and Domains Using the GWIA,” on page 843 
* Chapter 59, “Using GWIA Startup Switches,” on page 851 


For a complete list of port numbers used by the GWIA, see Section A.6, “Internet Agent Port 
Numbers,” on page 1170. 


For detailed Linux-specific GWIA information, see Appendix C, “Linux Commands, Directories, and 
Files for GroupWise Administration,” on page 1179. 


For additional assistance in managing the GWIA, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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52.1 


Configuring Internet Addressing 


By default, GroupWise uses a proprietary address format consisting of a user's ID, post office, and 
domain (userID.post_office.domain). However, when you install the GroupWise Internet Agent 
(GWIA), GroupWise also supports native Internet-style addressing consisting of a user name and 
Internet domain name (for example, userIDolnternet domain name). 


Internet-style addressing is the preferred addressing format if you are connected to the Internet, 
because with Internet-style addressing, users have the same address within the GroupWise system as 
they do outside the GroupWise system. For example, if John Smith’s address at Novell is 
jsmith@novell.com, this address can be used by users within the GroupWise system and users 
external to the system. 


To set up Internet addressing, you do the following: 


+ Define Internet domain names for your GroupWise system. You can have one or more domain 
names (for example, novell.com, gw.novell.com, and support.novell.com). 


+ Set up the default Internet address format for use when displaying user addresses in the 
GroupWise Address Book and sent messages. There are six formats that can be assigned at the 
system, domain, post office, or user level. In addition, there is a free-form format that can be 
used at the user level. 


+ 


Designate the address formats that can be used to address messages to your GroupWise users. 
There are five possible formats to choose from. You can allow all five formats, or only one. 


+ 


Specify the default GWIA to be used when sending messages from your GroupWise system to 
the Internet. This becomes your system's default GWIA for outbound messages sent from all 
domains; however, if you have multiple GWIAs, you can override this setting by assigning 
GWIAs at the domain level. 


The following sections help you plan and set up Internet addressing: 


+ Section 52.1, “Planning Internet Addressing,” on page 743 
+ Section 52.2, “Setting Up Internet Addressing,” on page 748 
+ Section 52.3, “Transitioning from SMTP Gateway Aliases to Internet Addressing,” on page 754 


Planning Internet Addressing 


The following sections help you prepare to set up Internet-style addressing for your GroupWise 
system: 

¢ Section 52.1.1, “GWIA Requirement,” on page 744 

+ Section 52.1.2, “GWIAs Used for Outbound Messages,” on page 744 

+ Section 52.1.3, “Internet Domain Names,” on page 744 

+ Section 52.1.4, “Preferred Address Format,” on page 744 
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52.1.1 


52.1.2 


52.1.3 


52.1.4 


+ Section 52.1.5, “Allowed Address Formats,” on page 747 
+ Section 52.1.6, “Override Options,” on page 748 


GWIA Reguirement 


Internet addressing requires you to have the GroupWise GWIA installed in your GroupWise system. 
The GWIA connects your GroupWise system to the Internet. To install the GWIA, see “Installing the 
GroupWise Internet Agent” in the GroupWise 2012 Installation Guide. 


GWIAs Used for Outbound Messages 


Each domain in your GroupWise system must be assigned an GWIA for outbound messages. A 
domain’s assigned GWIA handles all outbound messages sent by the domain’s users. 


If your GroupWise system includes only one GWIA, that GWIA must be assigned to all domains and 
is used for all outbound messages. 


If your GroupWise system includes multiple GWIAs, you must decide which GWIA you want to be 
responsible for outbound messages for each domain. You must select one GWIA as your system’s 
default GWIA, but you can override the default at each domain. 


Internet Domain Names 


You must associate at least one Internet domain (such as novell.com, gw.novell.com, or 
support .novell.com) with your GroupWise system. These Internet domains need to exist in the 
domain name service (DNS). 


After you have associated Internet domains with your GroupWise system, all users in your system 
can be addressed using any of the domains (for example, jsmith@novell.com, jsmith@gw.novell.com, 
and jsmith@support.novell.com). The addresses can be used both internally and externally. 


Preferred Internet Domain Name 


You must assign each GroupWise user a preferred Internet domain. GroupWise uses the preferred 
Internet domain name when constructing the email addresses that are displayed in the GroupWise 
Address Book and in the To field of sent messages. 


To make this process easier, GroupWise lets you assign a preferred Internet domain to be used as the 
default for your GroupWise system (for example, novell.com). The system’s preferred Internet 
domain is applied to all users in your GroupWise system. However, you can override the system’s 
preferred Internet domain at the domain, post office, or user level, meaning that different users 
within your GroupWise system can be assigned different preferred Internet domains. For example, 
users in one domain can be assigned gw.novell.com as their preferred Internet domain while users in 
another domain are assigned support.novell.com. 


Preferred Address Format 


You must choose a preferred address format for your GroupWise users. GroupWise uses the 
preferred address format, along with the preferred Internet domain, to construct the email addresses 
that are published in the GroupWise Address Book and in the To field of sent messages. 


GroupWise supports the following address formats: 


userID.post_office.domain@internet_domain_name 
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userID.post. officeOinternet domain. name 
userlDõinternet domain. name 

firstname.lastnameõinternet domain, name 
lastname.firstnameõinternet domain, name 
firstinital lastnameõinternet domain, name 


As with the preferred Internet domain, you must assign a preferred address format to be used as the 
default for your GroupWise system. The system’s preferred address format is applied to all users in 


your GroupWise system. However, you can override the system’s preferred address format at the 


domain, post office, and user/resource level. 


The following sections explain some of the advantages and disadvantages of each address format: 


+ “userlD.post office.domainGinternet domain name” on page 745 
+ “userlD.post officeinternet domain name” on page 745 

+ “userlDGinternet domain, name” on page 746 

+ “firstname.lastnameGinternet domain name” on page 746 

+ “lastname.firstnameGinternet domain name” on page 746 


+ “firstinitial lastnameGinternet domain, name” on page 747 


userlD.post office.domaininternet domain name 


Advantages 


+ Reliable format. GroupWise guarantees that each address is unique. 


+ Identical user names can be used in different post offices. 


Disadvantages 


+ Addresses tend to be long and hard to remember. 


+ Addresses might change over time as users are moved from one post office to another. 


userlD.post office(Dinternet domain name 


Advantages 


* Guarantees unigueness if all your post offices have unigue names. 


+ Identical user names can be placed in different post offices. 


Disadvantages 


+ Addresses tend to be long and hard to remember. 


+ Addresses might change over time as users are moved from one post office to another. 
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userlD@internet domain name 


Advantages 


+ Addresses are short and easy to remember. 


+ Backward-compatible with previous versions of GroupWise. (Users won't need to update their 
business cards.) 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate user IDs in your 
GroupWise system. However, in the future, ConsoleOne prevents you from creating duplicate 
user IDs within the same Internet domain name. The same user ID can be used in different 
Internet domains without problem. 


firstname.lastname@internet domain name 


Advantages 


+ Addresses are intuitive and easy to remember. 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate first and last names in your 
GroupWise system. However, in the future, ConsoleOne prevents you from creating users with 
the same first and last names within the same Internet domain name. The same first name and 
last name combination can be used in different Internet domains without problem. 


* The probability of conflicts increases if any user's first and last names match any GroupWise 
domain or post office name, if any two users have the same first and last names, or if any two 
users have the opposite first and last names (such as James Dean and Dean James). 


lastname.firstname@internet domain name 


Advantages 


+ Addresses are intuitive and easy to remember. 


+ Addresses do not change as users are moved. 
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Disadvantages 


+ When you first enable this address format, you might have duplicate first and last names in your 
GroupWise system. However, in the future, ConsoleOne prevents you from creating users with 
the same first and last names within the same Internet domain name. The same last name and 
first name combination can be used in different Internet domains without a problem. 


* The probability of conflicts increases if any user's first and last names match any GroupWise 
domain or post office name, if any two users have the same first and last names, or if any two 
users have the opposite first and last names (such as James Dean and Dean James). 


firstinitial lastname@internet domain name 


Advantages 


+ Addresses are intuitive and easy to remember. 


+ Addresses do not change as users are moved. 


Disadvantages 


+ When you first enable this address format, you might have duplicate first initial and last names 
in your GroupWise system. However, in the future, ConsoleOne prevents you from creating 
users with the same first initials and last names within the same Internet domain name. The 
same first initial and last name combination can be used in different Internet domains without 
problem 


+ The probability of conflicts increases when using first initials instead of complete first names. 


52.1.5 Allowed Address Formats 


The preferred Internet domain and preferred address format apply to user addresses as displayed in 
the GroupWise Address Book or in the address displayed on sent messages. 


The allowed address formats, on the other hand, determine which address formats are accepted by 
the GWIA. There are five possible allowed formats: 


userlD.post. officeOinternet domain. name 
userlDõinternet domain. name 
firstname.lastnameõinternet domain, name 
lastname.firstnameõinternet domain, name 
firstinital lastnameõinternet domain, name 


If you select all five formats, the GWIA accepts messages addressed to users in any of the formats. 
For example, John Peterson would receive messages sent using any of the following addresses: 


jpeterson.research@novell.com 
jpeterson@novell.com 
john.peterson@novell.com 
peterson.john@novell.com 
jpeterson@novell.com 
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52.1.6 


52.2 


52.2.1 


52.2.2 


You must designate the allowed address formats to be used as the default formats for your 
GroupWise system. The system’s allowed address formats are applied to all users in your GroupWise 
system. However, you can override the system's allowed address formats at the domain, post office, 
and user/resource level. 


For example, assume you have two John Petersons with userIDs of jpeterson and japeterson. The 
userID.post. office and userID address formats do not cause message delivery problems, but the 
firstname.lastname, lastname.firstname, and firstinitial lastname address formats do. To overcome this 
problem, you could disallow the three problem formats for these users at the user level. 


Override Options 
In spite of the best planning, some email addresses do not fit the rules and are not processed 


correctly. You can handle such addresses by overriding the regular address processing, as described 
in Section 52.2.3, “Overriding Internet Addressing Defaults,” on page 751. 


Setting Up Internet Addressing 


The following sections help you to set up Internet addressing: 


+ Section 52.2.1, “Installing the GWIA,” on page 748 
+ Section 52.2.2, “Enabling Internet Addressing,” on page 748 
+ Section 52.23, “Overriding Internet Addressing Defaults,” on page 751 


Installing the GWIA 


Before you can set up Internet addressing, you must install the GWIA for at least one domain. If you 
have not already installed the agent, see “Installing the GroupWise Internet Agent” in the GroupWise 
2012 Installation Guide. 


Enabling Internet Addressing 
1 In ConsoleOne, click Tools > GroupWise System Operations > Internet Addressing. 


Internet Addressing 


qu 
{Internet Domains | Addressing Formats | Publish to eDirectory 


CE 
Internet Domain Names 
ENN | Eos ) || (e) 


Internet Agent far outbound SMTP/MIME messages: 
Provol.GWIA v 


Note: You must choose a default Internet Agent before you can define Internet 
Domain names, 


2 Onthe Internet Domains tab, click Create. 
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Internet domain name 


Internet Domain Name: 


Description: 


Used For external GroupWise systems only 


3 Specify the Internet domain name (for example, yourcompanyname . com), then click OK to setup 
the first Internet domain for your GroupWise system. 


Internet Addressing 
pa 
Internet Domains | Addressing Formats | Publish to eDirectory 


Internet Domain Names 


M Corporate.net 


Internet Agent for outbound SMTP/MIME messages: 
Provol.GWIA 


Note: You must choose a default Internet Agent before you can define Internet 
Domain names, 


4 If you want your Group Wise system to receive email addressed to additional Internet domain 
names: 


4a Repeat Step 2 and Step 3. 
4b When you are finished adding Internet domain names to the list, select the preferred 
Internet domain name for your GroupWise system, then click Set Preferred. 


The preferred Internet domain name is used in addresses published in the GroupWise 
Address Book and in the To field of sent messages. This can be overridden on the Internet 
Addressing properties pages for domains, post offices, users, and resources. For more 
information, see Section 52.2.3, “Overriding Internet Addressing Defaults,” on page 751. 


5 Inthe Internet Agent for Outbound SMTP/MIME Messages list, select the GWIA to use as the 
default GWIA for your GroupWise system. 


By default, all GroupWise domains use this GWIA for outbound messages sent by users in the 
domain. If you have multiple GWIAs in your GroupWise system, you can override the default 
setting at the domain level, as described in “Domain Overrides” on page 751. 


6 Click the Addressing Formats tab. 


Configuring Internet Addressing 749 


750 


Internet Addressing 


Internet Domains | Addressing Formats | Publish to eDirectory 


Preferred Address format: x2 
| UserID@Internet domain name v 


Enable "First Initial Last Name" matching for incoming mail 


Allowed Address Formats 


[V] UserID.Post Office@Internet domain name 


UserIDOlnternet domain name 


Last Name.First Name@Internet domain name 


First Name.Last Name@Internet domain name 


First Initial Last Name@Internet domain name 


7 Inthe Preferred Address Format field, select your GroupWise system’s default Internet address 


format. 


This is the format that is used when displaying addresses in the GroupWise Address Book and 
in a message’s From field if it is not overridden at a lower level. For a list of the available 
addressing formats and their respective advantages and disadvantages, see Section 52.1.4, 
“Preferred Address Format,” on page 744. 


You can override the preferred address format at the domain, post office, and user/resource 
levels. For more information, see Section 52.2.3, “Overriding Internet Addressing Defaults,” on 
page 751. 


If desired, turn on the Enable “First Initial Last Name” Matching for Incoming Mail option. 


This option allows the GWIA to resolve addresses for incoming messages by performing first 
initial last name lookups on the user name portion of the address. When doing so, the GWIA 
uses the first letter of the user name as the first initial and the remainder of the user name as the 
last name. It then resolves the address to any GroupWise users whose Last Name field (in their 
eDirectory User object properties) contains the last name and whose Given Name field starts 
with the first initial. 


For example, if the recipient’s address is jpeterson@novell.com, the first initial would be J and 
the last name would be Peterson. The address would resolve to the user whose Last Name field 
is Peterson and Given Name field starts with J. If more than one user’s given name starts with J 
(for example, John and Janice), the message is undeliverable. 


This option is useful if you want to be able to use the UserID@Internet_domain_name format but 
your userIDs do not really reflect your users’ actual names (for example, John Peterson’s user ID 
is 46789 so his address is 46789@novell.com). In this case, you could publish users’ addresses as 
the first initial last name (for example, jpeterson@novell.com) and enable this option so that the 
GWIA resolves the addresses to the appropriate users. 


In the Allowed Address Formats list, select the address formats that you want to be supported for 
incoming messages. GroupWise delivers a message to the recipient if any of the allowed formats 
have been used in the address. By default, all formats are supported. 


You can override the allowed address formats at the domain, post office, and user/resource 
levels. For more information, see Section 52.2.3, “Overriding Internet Addressing Defaults,” on 
page 751. 
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52.2.3 


10 Click OK to save your changes. 


If you changed the preferred address format, you are prompted to update the Internet email 
address (User object > General > Identification > E-Mail Address) for all affected users. The Internet 
email address is the address returned in response to LDAP gueries to eDirectory. We 
recommend that you allow this update; however, performing it for the entire GroupWise system 
might take a while. 


Atthis point, Internet addressing is enabled and configured. 


Overriding Internet Addressing Defaults 


All domains, post offices, and users/resources in your GroupWise system inherit the defaults (GWIA 
for outbound messages, preferred Internet domain name, preferred address format, and allowed 
address formats) you established when enabling Internet addressing for your system. However, if 
desired, you can override these defaults for individual domains, post offices, or users/resources. 

+ “Domain Overrides” on page 751 

* “Post Office Overrides” on page 752 


+ “User/Resource Overrides” on page 753 


Domain Overrides 


At the domain level, you can override all Internet addressing defaults assigned to your GroupWise 
system. 


1 In ConsoleOne, right-click a Domain object, then click Properties. 


2 Click GroupWise > Internet Addressing. 


Properties of Provo1 


NDS Rights v | Other | Rights to Files and Folders 
internet Addressin 


Override Preferred Address format: 
- 


Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
D For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTP/MIME messages: 


Defined at: Corporate Mail 


Alternate Internet Agent for outbound SMTP/MIME messages: 
<None> 2j 


Page Options... 


3 To override one of the options, select the Override box, then select the option you prefer for this 
domain. 
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4. Click OK to save the changes. 


If you changed the preferred address format, you are prompted to update the Internet email 
address (User object > General > Identification > E-Mail Address) for all affected users. The Internet 
email address is the address returned in response to LDAP gueries to eDirectory. We 
recommend that you allow this update; however, performing it for an entire Group Wise domain 
might take a while. 


Post Office Overrides 


Atthe post office level, you can override the preferred Internet domain name, preferred address 
format, and allowed address formats the post office has inherited from its domain. You cannot 
override the GWIA that is assigned to handle outbound messages. 
1 In ConsoleOne, right-click a Post Office object, then click Properties. 
2 Click GroupWise > Internet Addressing. 
Properties of Development 


~ | NDS Rights + | Other | Rights to Files and Folders | 


Override Preferred Address format: 


Defined at: Corporate Mail 
Allowed Address Formats 


r 
F 


r 
Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 


Page Options... |_ Cana | 


3 To override one of the options, select the Override box, then select the option you prefer for this 
post office. 


If you need additional information about any of the fields, click Help. 
4 Click OK to save the changes. 


If you changed the preferred address format, you are prompted to update the Internet email 
address (User object > General > Identification > E-Mail Address) for all affected users. The Internet 
email address is the address returned in response to LDAP queries to eDirectory. We 
recommend that you allow this update; however, performing it for an entire GroupWise post 
office might take a while. 
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UserlResource Overrides 


Atthe user and resource level, you can override the preferred Internet domain, preferred address 
format, and allowed address formats that the user/resource has inherited from its post office. You 
cannot override the GWIA that is assigned to handle outbound messages. 


1 In ConsoleOne, right-click a User or Resource object, then click Properties. 
2 Click GroupWise > Internet Addressing. 


Properties of jpangilinan 


Security v | General v | GroupWise + | Restrictions + | Memberships + | Security Equal To Me | Login Script { 
| Internet Addressing 


Override | Preferred Address format: 


Preferred EMail TD: N 
[Oo Internet domain name 
Defined at: Provo1 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
For incoming mail, recipients are known exclusively by this Internet domain name 


View EMail Addresses 


Ce Cam Cu 


3 To override one of the options, select the Override box, then select the option you prefer for this 
user Or resource. 


At the user and resource level, the preferred address format can be completely overridden by 
explicitly defining the user portion of the address format (user@Internet domain name). The user 
portion can include any RFC-compliant characters (no spaces, commas, and so on). 


For example, if you have selected First Name.Last Name@Internet domain name as your system’s 
preferred address format and you have two John Petersons, each on a different post office in 
your system, you would end up two users having the same address (John.Peterson@novell.com). 
You could use this field to differentiate them by including their middle initials in their address 
(John.S.Peterson@novell.com and John.A.Peterson@novell.com). 


You can use the same email ID for more than one user in your GroupWise system, if each user is 
in a different Internet domain. Rather than requiring that each email ID be unique in your 
GroupWise system, each combination of email ID and Internet domain must be unique. This 
provides more flexibility for handling the situation where two people have the same name. 
If you need additional information about any of the fields, click Help. 

4 Click OK to save the changes. 


If you changed the preferred address format for a user, you are prompted to update the user’s 
Internet email address (General > Identification > E-Mail Address). The Internet email address is the 
address returned in response to LDAP queries to eDirectory. We recommend that you allow this 
update. 
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52.3 


52.3.1 


52.3.2 


52.3.3 


Transitioning from SMTP Gateway Aliases to Internet 
Addressing 


For those who have been using SMTP gateway aliases to handle email addresses that do not fit the 
default format expected by the GWIA or to customize users’ Internet addresses, the Gateway Alias 
Migration utility can convert the user names in those gateway aliases into preferred email IDs. The 
Preferred E-Mail ID feature was first introduced in GroupWise 6.5 and is the suggested method for 
overriding the current email address format, as described in Section 14.7.2, “Changing a User's 
Internet Addressing Settings,” on page 249. The Gateway Alias Migration utility can also update 
users” preferred Internet domain names based on their existing gateway aliases. 


+ Section 52.3.1, “Planning to Migrate Gateway Aliases,” on page 754 

+ Section 52.3.2, “Preparing to Migrate Gateway Aliases,” on page 754 

+ Section 52.3.3, “Performing the Gateway Alias Migration,” on page 754 
+ Section 52.3.4, “Verifying the Gateway Alias Migration,” on page 756 


Planning to Migrate Gateway Aliases 


You can migrate SMTP gateway aliases by individual user, by post office, by domain, or for your 
entire GroupWise system. Migrating at the post office level is recommended, although you can test 
the process by migrating individual users. Assess the gateway aliases in your GroupWise system and 
decide how you want to organize the migration process. 


The Gateway Alias Migration utility runs most efficiently if you are connected to the domain that 
owns the users whose aliases you are migrating. This reduces network traffic between domains 
during the migration process. 


The Gateway Alias Migration utility requires that you connect to a GroupWise 7 or later domain, 
although you can select users from 6.x and 5.x domains for migration. If you still have 4.x domains, 
you can migrate aliases by connecting to the GroupWise System object before connecting to a 
domain. 


Determine the domains you need to connect to as you perform the migration. 


Preparing to Migrate Gateway Aliases 


Before starting the SMTP gateway alias migration process: 


+ Validate each domain database (wpdomain.db) that you will connect to in order to clean up any 
orphaned aliases that might exist. See Section 26.1, “Validating Domain or Post Office 
Databases,” on page 401. 


+ Create a current backup of each domain database before performing the migration. See 
Section 31.1, “Backing Up a Domain,” on page 431 


Performing the Gateway Alias Migration 


To run the Gateway Alias Migration utility in ConsoleOne: 


1 (Conditional) If you want to migrate all gateway aliases in your GroupWise system, connect to 
the primary domain in the GroupWise View. 


or 
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(Conditional) If you want to migrate the gateway aliases in a particular domain or post office, 
connect to the domain where the aliases are located. 


If you need assistance with this task in a GroupWise system that includes domains on Linux 
servers, see Section 4.1, “Select Domain,” on page 69. 


2 Browse to and select the object representing the set of gateway aliases that you want to migrate 
(GroupWise system, domain, post office, or user). 


3 Click Tools > GroupWise Utilities > Gateway Alias Migration. 
4 Inthe SMTP Gateway Alias Type drop-down list, select the type of alias you want to migrate. 


SMTP Gateway Alias Migration 


Gateway Aliases for objects in = Provo1 


Gateway Alias Type: 
Gateway Aliases 

Gateway Alias [ Object ID 
Complaints Provo1 Development.askoczylas 


Mike@Corporate.com Provo1 Development mbarnard 
TheOfficeOfThePresident Provo1 Development.gsmith 


BETE 


The list of available gateway alias types is generated from the Gateway Alias Type fields on the 
Identification property pages of the GWIA objects in your GroupWise system. 


The resulting alias list provides the SMTP gateway aliases for all users associated with the object 
selected in Step 2. If the list is extremely long, you can click Stop and just work with a subset of 
the alias list. 


The list does not include any aliases that have a pending operation on them. 
5 Select one or more gateway aliases to migrate. 
or 
Click Select All. 
6 Click Migrate to start the migration process. 
You are prompted for how to handle each gateway alias. 
+ If the alias is just a user name, you can select whether or not you want to use that user name 


as the user's preferred email ID. 


SMTP Gateway Alias Migration 


Would you like to make the following changes for 
Provo1 Development gsmith? 


Cancel 


Override the current default EMail ID of "gsmith" with the Preferred 


EMail ID "TheOfficeOfThePresident" 


If you do, the user name is transferred into the Preferred E-Mail ID field on the Internet 
Addressing property page of the User object. 
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+ If the alias also includes an Internet domain name, you can select whether or not you want 
to use that Internet domain name with the user's preferred email ID. 


SMTP Gateway Alias Migration 


Would you like to make the following changes for 
Provo1.Development.mbamard? 


Cancel 


Set the Preferred EMail ID to "Mike" 


iv 
Iv 


Override the current default Internet domain name of 
"Corporate" with "Corporate.com" 


If you do, the domain name is transferred into the Internet Domain Name field on the 
Internet Addressing property page of the User object. 
For an internal user, if the Internet domain name is not defined in your GroupWise system 
under Tools > GroupWise System Operations > Internet Addressing, then the Internet domain 
name is not transferred into the Internet Domain Name field on the Internet Addressing 
property page of the User object. However, for external users, undefined Internet domain 
names are transferred into the Internet Domain Name field on the Internet Addressing 
property page of the External User or External Entity object. 

By default, both user names and domain names are selected for migration. 


7 Foreach gateway alias, deselect the check boxes for any actions that you do not want the Alias 
Migration utility to perform, then click OK. 


For convenience when migrating multiple aliases, you can click OK to All to apply your current 
selections to all aliases. 


8 Whenthe migration is complete, select a different gateway alias type to migrate. 
or 
Click Close. 


52.3.4 Verifying the Gateway Alias Migration 
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To see what the Gateway Alias Migration utility has accomplished: 


1 Browse to and right-click a User object that used to have a gateway alias, then click Properties. 
2 Click GroupWise > Gateway Aliases. 

The alias list should be empty. 
3 On the same User object, click GroupWise > Internet Addressing. 

The Preferred EMail ID field should be filled in with the information from the old gateway alias. 
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Configuring Internet Services 


For detailed instructions about installing and starting the GWIA for the first time, see “Installing the 
GroupWise Internet Agent” in the GroupWise 2012 Installation Guide. 


The GWIA offers several useful services that you can configure to meet the needs of your GroupWise 
system. 


+ Section 53.1, “Configuring SMTP/MIME Services,” on page 757 
+ Section 53.2, “Configuring POP3/IMAP4 Services,” on page 777 
+ Section 53.3, “Configuring LDAP Services,” on page 782 


+ Section 53.4, “Configuring Paging Services,” on page 785 


53.1 Configuring SMTP/MIME Services 


SMTP and MIME are standard protocols that the GWIA uses to send and receive email messages 
over the Internet. SMTP, or Simple Mail Transfer Protocol, is the message transmission protocol. 
MIME, or Multipurpose Internet Mail Extension, is the message format protocol. Choose from the 
following topics for information about how to enable SMTP/MIME services and configure various 
SMTP/MIME settings: 


+ 


+ 


+ 


+ 


Section 53.1.1, “Configuring Basic SMTP/MIME Settings,” on page 757 

Section 53.1.2, “Using Extended SMTP (ESMTP) Options,” on page 760 

Section 53.1.3, “Configuring How the GWIA Handles Email Addresses,” on page 761 
Section 53.1.4, “Determining Format Options for Messages,” on page 763 

Section 53.1.5, “Configuring the SMTP Timeout Settings,” on page 765 

Section 53.1.6, “Determining What to Do with Undeliverable Messages,” on page 766 
Section 53.1.7, “Configuring SMTP Dial-Up Services,” on page 767 

Section 53.1.8, “Enabling SMTP Relaying,” on page 770 

Section 53.1.9, “Using a Route Configuration File,” on page 772 

Section 53.1.10, “Customizing Delivery Status Notifications,” on page 773 

Section 53.1.11, “Managing MIME Messages,” on page 773 


53.11 Configuring Basic SMTP/MIME Settings 


Basic SMTP/MIME settings configure the following aspects of GWIA functioning: 


+ Number of send and receive threads that the GWIA starts and how often the send threads poll 


for outgoing messages 


+ Hostname of the server where the GWIA is running and of a relay host if your system includes 


one 
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+ 


+ 


+ 


IP address to bind to at connection time if the server has multiple IP addresses 
Whether to use 7-bit or 8-bit encoding for outgoing messages 

How to handle messages that cannot be sent immediately and must be deferred 
Whether to notify senders when messages are delayed 


Whether to display GroupWise version information when establishing an SNMP connection 


To set the GWIA basic SMTP/MIME settings: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Ifthe SMTP/MIME Settings page is not the default page, click SMTP/MIME > Settings. 


Properties of GWIA 


Enable SMTP service 


Number of SMTP send threads: 
Number of SMTP receive threads: 


Kill threads on exit or restart 


V] Enable iCal service 


Hostname/DNS "A Record" name: 


Relay Host for outbound messages: 


Scan cycle for send directory: 10 is seconds 


Use 7 bit encoding for all outbound messages 


Maximum number of hours to retry a deferred message: 4 18 hours 


Intervals to retry a deferred message 20,20,20,240 


Return notification to sender when a message is delayed 


Do not publish GroupWise information on an initial SMTP connection 


3 Fillinthe fields: 


Enable SMTP Service: SMTP service is on by default. This setting allows SMTP Internet 
messaging. This setting corresponds with the GWIA’s --smtp switch. 


Number of SMTP Send Threads: The SMTP send threads setting lets you specify the number of 
threads that process SMTP send requests. Each thread is equivalent to one connection. The 
default is 8 threads. This setting corresponds with the GWIA’s --sd switch. 


Number of SMTP Receive Threads: The SMTP receive threads setting lets you specify the 
number of threads that process SMTP receive requests. Each thread is equivalent to one 
connection. The default is 16 threads. This setting corresponds with the GWIA’s --rd switch. 


Kill Threads on Exit or Restart: Select this option to cause the GWIA to stop immediately, 
without allowing its send/receive threads to perform their normal shutdown procedures. The 
normal termination of all send/receive threads can take several minutes, especially if a large 
message is being processed. By terminating immediately, a needed restart can occur 
immediately as well. This setting corresponds with the GWIA’s --killthreads switch. 


Enable iCal Service: Select this option if you want the GWIA to convert outbound GroupWise 
Calendar items into MIME text/calendar iCal objects and to convert incoming MIME text/ 
calendar messages into GroupWise Calendar items. Enabling the iCal service provides the 
functionality described in “Accepting or Declining Internet Items” in “Calendar” in the 
GroupWise 2012 Windows Client User Guide. This setting corresponds with the GWIA's --imip 
switch. 


GroupWise 2012 Administration Guide 


Hostname/DNS "A Record" Name: The Hostname/DNS “A Record” name setting lets you 
identify the hostname of the server where the GWIA resides, or in other words the A Record in 
your DNS table that associates a hostname with the server's IP address (for example, 
gwia.novell.com). This setting corresponds with the GWIA’s --hn switch. 


If you leave this field blank, the GWIA uses the hostname obtained by guerying the hosts file 
from the server. 


Relay Host for Outbound Messages: The relay host setting can be used if you want to use one 
or more relay hosts to route all outbound Internet email. Specify the IP address or DNS 
hostname of the relay hosts. Use a space between relay hosts in a list. Relay hosts can be part of 
your network or can reside at the Internet service provider’s site. This setting corresponds with 
the GWIA’s --mh switch. 


If you want to use a relay host, but you want some outbound messages sent directly to the 
destination host rather than to the relay host, you can use a route configuration file (route. cfg). 
Whenever a message is addressed to a user at a host that is included in the route. cfg file, the 
GWIA sends the message directly to the host rather than to the relay host. For information about 
creating a route.cfg file, see Section 53.1.9, “Using a Route Configuration File,” on page 772. 


Scan Cycle for Send Directory: The Scan cycle setting specifies how often the GWIA polls for 
outgoing messages. The default is 10 seconds. This setting corresponds with the GWIA’s --p 
switch. 


Use 7 Bit Encoding for All Outbound Messages: By default, the GWIA uses 8-bit MIME 
encoding for any outbound messages that are HTML-formatted or that contain 8-bit characters. 
If, after connecting with the receiving SMTP host, the GWIA discovers that the receiving SMTP 
host cannot handle 8-bit MIME encoded messages, the GWIA converts the messages to 7-bit 
encoding. 


With this option selected, the GWIA automatically uses 7-bit encoding and does not attempt to 
use 8-bit MIME encoding. You should use this option if you are using a relay host that does not 
support 8-bit MIME encoding. This setting corresponds with the GWIA’s --force7bitout switch. 


Maximum Number of Hours to Retry a Deferred Message: Specify the number of hours after 
which the GWIA stops trying to send deferred messages. The default is 96 hours (four days). A 
deferred message is any message that can’t be sent because of a temporary problem (host down, 
MX record not found, and so on). This setting corresponds with the GWIA’s --maxdeferhours 
switch. 


Intervals to Retry a Deferred Message: Specify in a comma-delimited list the number of 
minutes after which the GWIA retries sending deferred messages. The default is 20, 20, 20, 60. 
The GWIA interprets this list as follows: It retries 20 minutes after the initial send, 20 minutes 
after the first retry, 20 minutes after the second retry, and 60 minutes (1 hour) after the third retry. 
Thereafter, it retries every hour until the number of hours specified in the Maximum Number of 
Hours to Retry a Deferred Message field is reached. You can provide additional retry intervals as 
needed. It is the last retry interval that repeats until the maximum number of hours is reached. 
This setting corresponds with the GWIA’s --msgdeferinterval switch. 


Return Notification to Sender When a Message Is Delayed: Select this option to provide a 
notification message to users whose email messages cannot be immediately sent out across the 
Internet. This provides more noticeable notification to users than manually checking the 
Properties page of the sent item to see whether it has been sent. This setting corresponds with 
the GWIA’s --delayedmsgnotification switch. 


Do Not Publish GroupWise Information on an Initial SMTP Connection: This option 
suppresses the GroupWise version and copyright date information that the GWIA typically 
responds with when contacted by another SMTP host or a telnet session. It is enabled by default. 
This setting corresponds with the GWIA’s --nosmtpversion switch. 


4 Click OK to save the changes. 
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53.12 Using Extended SMTP (ESMTP) Options 


The GWIA supports several Extended SMTP (ESMTP) settings. These are settings that might or 
might not be supported by another SMTP system. 


The following ESMTP extensions are supported: 


+ SIZE: For more information, see RFC 1870 (http://www.ietf.org/rfc/rfc1870.txt). 
+ AUTH: For more information, see RFC 2554 (http://www.ietf.org/rfc/rfc2554.txt). 


+ DSN: For more information, see RFC 3464 (http://www.ietf.org/rfc/rfc3464.txt) and RFC 3461 
(http://www.ietf.org/rfc/rfc3461.txt). 


+ 8BITMIME: For more information, see RFC 1652 (http://www.ietf.org/rfc/rfc1652.txt). 
+ STARTTLS: For more information, see RFC 3207 (http://www.ietf.org/rfc/rfc3207.txt). 
To configure ESMTP settings: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > ESMTP Settings. 


Properties of GWIA 


DAP | POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


[V Enable Delivery Status Notification (DSN) 


DSNHold Age: [ 4 S| days 


Page Options... Cancel Apply Help 


3 Fillin the fields: 


Enable Delivery Status Notification: Turn on this option to allow the GWIA to request status 
notifications for outgoing messages and to supply status notifications for incoming messages. 
This requires the external email system to also support Delivery Status Notification. Currently, 
notification consists of two delivery statuses: successful or unsuccessful. 


If you enable the Delivery Status Notification option, you need to select the number of days that 
you want the GWIA to retain information about the external sender so that status updates can be 
delivered to him or her. For example, the default hold age causes the sender information to be 
retained for 4 days. If the GWIA does not receive delivery status notification from the 
GroupWise recipient’s Post Office Agent (POA) within that time period, it deletes the sender 
information and the sender does not receive any delivery status notification. 
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If you enable this option for the GWIA, it overrides what GroupWise Windows client users set 
under Tools > Options > Send > Mail > Send Notification to My Mailbox. By default, this option is 
deselected in the GroupWise Windows client, but if you select Enable Delivery Status Notification 
in ConsoleOne, users receive delivery status notifications in their mailboxes even when the 
option is deselected in the Windows client. 


4 Click OK to save the changes. 


53.1.3 Configuring How the GWIA Handles Email Addresses 


The GWIA can handle email addresses in a variety of ways: 


+ 


+ 


+ 


+ 


+ 


+ 


Internet addressing vs. Group Wise proprietary addressing 
Group membership expansion on inbound messages 
Distribution membership expansion on outbound messages 
Using non-GroupWise domains 

Using sender’s address format 


Using domain and post office information 


To set the GWIA address handling options: 


1 
2 


3 


In ConsoleOne, right-click the GWIA object, then click Properties. 
Click SMTP/MIME > Address Handling. 


Properties of GWIA 


DAP | POPSAMAP4 | Server Directories | Access Control v | Reattach | Post Office Links | Grou! 


Addressing Style 
T Ignore GroupWise Internet Addressing 


Inbound Settings 
- Expand distribution lists on incoming messages 


T Do not replace unscores with spaces 


Outbound Settings: 
Non-GroupVVise Domain for RFC-822 Replies: 
Non-GroupVVise Domain for MIME Replies: 
Sender's address format: 


Place domain and post office qualifiers: 
© on left of address 


© on right of address 
|” Retain distribution lists on outgoing messages 
[T Use GroupWise user address as Mail From: for rule generated messages 


[ Display fullname as lastname, firstname 


T Do not include the fullname in the MIME header 


Page Options... Cancel Apply 


Fill in the fields: 


Ignore GroupWise Internet Addressing: GroupWise supports both Internet-style addressing 
(user@host) and GroupWise proprietary addressing (user_ID.post_office.domain). By default, the 
GWIA uses Internet-style addressing. 


If you do not want the GWIA to use standard Internet-style addressing (user@host), turn on the 
Ignore GroupWise Internet Addressing option. With this option turned on, messages use the mail 
domain name in the Foreign ID field (GWIA object > GroupWise > Identification) for the domain 
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portion of a user's Internet address. If you included multiple mail domain names in the Foreign 
ID field or the frgnames . cfg file, as described in “Listing Foreign Domain Names” on page 763, 
the first mail domain name listed is the one used in addresses. 


The GWIA supports user and post office aliases in either mode. This setting corresponds with 
the GWIA's --dia switch. 


Expand Distribution Lists on Incoming Messages: Turn on this option to have incoming 
Internet messages addressed to a distribution list sent to allmembers of the distribution list. This 
setting corresponds with the GWIA's --group switch. See also the --nickgroup switch to turn on 
distribution list expansion for distribution lists that have nicknames. 


Do Not Replace Underscores with Spaces: Select this option if you do not want the GWIA to 
convert user names in email addresses from the format Firstname Lastname into the format 
Firstname Lastname by replacing the underscore with a space. By default, this conversion takes 
place automatically, even though Firstname_Lastname is not an address format that is included 
in the Allowed Address Formats list in the Internet Addressing dialog box, as described in 
Section 52.2.2, “Enabling Internet Addressing,” on page 748. This setting corresponds with the 
GWIA's --dontreplaceunderscore switch. 


Non-GroupWise Domain for RFC-822 Replies: This setting can be used only if 1) you created a 
non-GroupWise domain to represent all or part of the Internet, as described in Section 6.8, 
“Adding External Users to the Group Wise Address Book,” on page 116, and 2) you defined the 
non-GroupWise domain's outgoing conversion format as RFC-822 when you linked the GWIA 
to the domain. 


Specify the name of the non-Group Wise domain associated with the RFC-822 conversion format. 
When a GroupWise user replies to a message that was originally received by the GWIA in RFC- 
822 format, the reply is sent to the specified non-GroupWise domain and converted to RFC-822 
format so that it is in the same format as the original message. 


This setting corresponds with the GWIA’s --fd822 switch. 


Non-GroupWise Domain for MIME Replies: This setting can be used only if 1) you created a 
non-GroupWise domain that represents all or part of the Internet, as described in Section 6.8, 
“Adding External Users to the GroupWise Address Book,” on page 116, and 2) you defined the 
non-GroupWise domain’s outgoing conversion format as MIME when you linked the GWIA to 
the domain. 


Specify the name of the non-GroupWise domain associated with the MIME conversion format. 
When a GroupWise user replies to a message that was originally received by the GWIA in MIME 
format, the reply is sent to the specified non-GroupWise domain and converted to MIME format 
so that it is in the same format as the original message. 


This setting corresponds with the GWIA’s --fdmime switch. 


Sender’s Address Format: This setting applies only if you have not enabled GroupWise Internet 
addressing (in other words, you selected the Ignore GroupWise Internet Addressing option). If 
GroupWise Internet addressing is enabled, the GWIA ignores this setting and uses the preferred 
address format established for outbound messages (Tools > GroupWise System Operations > 
Internet Addressing). 


The Sender’s Address Format setting lets you specify which GroupWise address components 
(domain.post_office.user_ID) are included as the user portion of the address on outbound 
messages. You can choose from the following options: 


+ Domain, Post Office, User, and Hostname: Uses the domain.post_office.user_ID@host syntax. 
+ Post Office, User, and Hostname: Uses the post_office.user_ID@host syntax. 


+ User and Hostname: Uses the user_ID@host syntax. 
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+ Auto (default): Uses the GroupWise addressing components required to make the address 
unique within the user’s GroupWise system. If a user ID is unique in a GroupWise system, 


the outbound address uses only the user ID. If the post office or domain.post office 


components are required to make the address unique, these components are also included 


in the outbound address. 
The Sender’s Address Format setting corresponds with the GWIA’s --aql switch. 


Place Domain and Post Office Qualifiers: If the sender’s address format must include the 


domain and/or post office portions to be unique, you can use this option to determine where the 


domain and post office portions are located within the address. 


+ On Left of Address (default): Leaves the domain and post office portions on the left side of 


the @ sign (for example, domain.post_office.user_ID@host. 


+ On Right of Address: Moves the domain and post office portions to the right side of the @ 


sign, making the domain and post office part of the host portion of the address (for 


example, user_ID@post_office.domain.host. If you choose this option, you must ensure that 


your DNS server can resolve each post_office.domain.host portion of the address. This setting 


corresponds with the GWIA’s --agor switch. 


Retain Distribution Lists on Outgoing Messages: Select this option if you do not want the 
GWIA to expand distribution lists on messages going to external Internet users. Expansion 


of distribution lists can result in large SMTP headers on outgoing messages. This setting 


corresponds with the GWIA’s --keepsendgroups switch. 


Use GroupWise User Address as Mail From: for Rule Generated Messages: Select this 
option if you want the GWIA to use the real user in the Mail From field instead of having 


auto-forwards come from Postmaster and auto-replies come from Mailer-Daemon. This 
setting corresponds with the GWIA’s --realmailfrom switch. 


4 Click OK to save the changes. 


Listing Foreign Domain Names 


The Foreign ID field (GWIA object > GroupWise > Identification) identifies the Internet domain names 

for which the GWIA accepts messages. The field should always include your mail domain name (for 
example, novell.com). You can include additional domain names by separating them with a space, as 
in the following example: 


novell.com gw.novell.com gwia.novell.com 


When you list multiple Internet domain names, the GWIA accepts messages for a GroupWise user if 
any of the Internet domain names are used (for example, jsmith@novell.com, jsmith@gw.novell.com, 
or jsmith@gwia.novell.com). 


The field limit is 255 characters. If you need to exceed that limit, you can create a frgnames . cfg text 
file in the domain\wpgate\gwia directory. List each Internet domain name on a separate line. 


Determining Format Options for Messages 


You can control aspects of how the GWIA formats incoming and outgoing messages: 


+ 


+ 


+ 


+ 


+ 


Number of GWIA threads for converting messages into the specified format 
The view in which incoming messages are displayed to GroupWise users 
Text encoding method (Basic RFC-822 or MIME) 

Text wrapping 


Message prioritization based on x-priority fields 
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To set the GWIA format options: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Message Formatting. 


Properties of GWIA 


Inbound Settings 


Number of inbound conversion threads: 


Outbound Settings 
Number of outbound conversion threads: 
Default message encoding: 
© Basic RFC-822 
r 
© MME 
Message text line wrapping: 
[V Enable quoted printable text line wrapping 
Line wrap length for message text on outbound mail: 72 H 
[ Enable flat-forwarding 


Default Global Signature to insert in outbound messages: Defined at:Corporate Mail 
I Override | 


[ Apply Global Signature to relay messages 


I” Disable mapping x-priority fields 


Page Options... Cancel Apply 


3 Fillin the fields: 


Number of Inbound Conversion Threads: The inbound conversion threads setting lets you 
specify the number of threads that convert inbound messages from MIME or RFC-822 format to 
the GroupWise message format. The default setting is 4. This setting corresponds with the 
GWIA’s --rt switch. 


Number of Outbound Conversion Threads: The outbound conversion threads setting lets you 
specify the number of threads that convert outbound messages from the GroupWise message 
format to MIME or RFC-822 format. The default setting is 4. This setting corresponds with the 
GWIA’s --st switch. 


Default Message Encoding: The default message encoding setting lets you select the encoding 
method for your outbound Internet messages. You can select either Basic RFC-822 formatting or 
MIME formatting. MIME is the default message format. This setting corresponds with the 
GWIA’s --mime switch. 


If you select the Basic RFC-822 option, you can decide whether or not to have the GWIA 
UUEncode all ASCII text attachments to RFC-822 formatted messages. By default, this option is 
turned off, which means ASCII text attachments are included as part of the message body. This 
setting corresponds with the GWIA’s --uueaa switch. 


NOTE: RFC-822 is a very old format. Use it only if you have a specific need for it. 


Message Text Line Wrapping: The Quoted Printable text line wrapping setting lets you select the 
Quoted Printable MIME standard for line wrapping, which provides “soft returns”. By default 
this setting is turned on. If you turn the setting off, MIME messages go out as plain text and 
wrap text with “hard returns” according to the number of characters specified in the line wrap 
length setting. This setting corresponds with the GWIA’s --nqpmt switch. 


The Line Wrap Length for Message Text on Outbound Mail setting lets you specify the line length for 
outgoing messages. This is useful if the recipient’s email system requires a certain line length. 
The default line length is 72 characters. This setting corresponds with the GWIA’s --wrap switch. 
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Enable Flat Forwarding: Select this option to automatically strip out the empty message that is 
created when a message is forwarded without adding text, and retain the original sender of the 
message, rather than showing the user who forwarded it. This facilitates users forwarding 
messages from GroupWise to other email accounts. Messages arrive in the other accounts 
showing the original senders, not the users who forwarded the messages from GroupWise. This 
setting corresponds with the GWIA’s --flatfwd switch. 


Default Global Signature to Insert in Outbound Messages: Displays the default global 
signature for your GroupWise system as described in Section 14.3.2, “Selecting a Default Global 
Signature for All Outgoing Messages,” on page 232. If you want this GWIA to append a different 
global signature, select Override, then select the desired signature. 


Apply Global Signature to Relay Messages: Select this option to append the global signature to 
messages that are relayed through your GroupWise system (for example, messages from POP 
and IMAP clients) in addition to messages that originate within your GroupWise system. This 
setting corresponds with the GWIA’s --relayaddsignature switch. 


Disable Mapping X-Priority Fields: Select this option to disable the function of mapping an x- 
priority MIME field to a GroupWise priority for the message. By default, the GWIA maps x- 
priority 1 and 2 messages as high priority, x-priority 3 messages as normal priority, and x- 
priority 4 and 5 as low priority in GroupWise. This setting corresponds with the GWIA’s 
--nomappriority switch. 


4 Click OK to save the changes. 


Configuring the SMTP Timeout Settings 


The SMTP Timeout settings specify how long the GWIA’s SMTP service waits to receive data that it 
can process. After the allocated time expires, the GWIA might give a TCP read/write error. 


To configure the SMTP timeout settings: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Timeouts. 


Properties of GWIA 
ist Vi] LDAP | popsamap4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


Commands: minutes 


Data: minutes 
Connection Establishment: minutes 
Initial Greeting: minutes 


TCP Read: minutes 


al» Le 14)» 14)» Lee lale 


Connection Termination: minutes 


Page Options... Cancel Apply Help 


3 Fillin the fields: 
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Commands: The Commands setting lets you specify how long the GWIA waits for an SMTP 
command. The default is 5 minutes. This setting corresponds with the GWIA’s --tc switch. 


Data: The Data setting lets you specify how long the GWIA waits for data from the receiving 
host. The default is 3 minutes. This setting corresponds with the GWIA's --td switch. 


Connection Establishment: The Connection Establishment setting lets you specify how long the 
GWIA waits for the receiving host to establish a connection. The default is 2 minutes. This 
setting corresponds with the GWIA’s --te switch. 


Initial Greeting: The Initial Greeting setting lets you specify how long the GWIA waits for the 
initial greeting from the receiving host. The default is 5 minutes. This setting corresponds with 
the GWIA’s --tg switch. 


TCP Read: The TCP Read setting lets you specify how long the GWIA waits for a TCP read. The 
default is 5 minutes. This setting corresponds with the GWIA’s --tr switch. 


Connection Termination: The Connection Termination setting lets you specify how long the 
GWIA waits for the receiving host to terminate the connection. The default is 10 minutes. This 
setting corresponds with the GWIA’s --tt switch. 


4 Click OK to save the changes. 


53.1.6 Determining What to Do with Undeliverable Messages 


You can configure how the GWIA handles messages that it cannot deliver: 
+ How much of the message to return to the sender 


+ Another host to forward the message to (where it might be deliverable) 


* Whether to move the message to the GroupWise problem directory or send it to the GroupWise 
administrator 


To set the GWIA undeliverable message options: 
1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Undeliverables. 


Properties of GWIA 
LDAP | POP3IMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


Amount of Original Message to Return to Sender [2 a 
When Message is Undeliverable: 2 + KB 


Forward Undeliverable Inbound Messages to Host: | 


Undeliverable or Problem Messages 


[V Move to problem directory 


[ Send to postmaster 
If neither option is chosen, the messages are discarded. 


Page Options... OK Cancel Apply Help 


3 Fillin the fields: 
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Amount of Original Message to Return to Sender When Message is Undeliverable: This 
setting lets you specify how much ofthe original message is sent back to the sender when a 
message is undeliverable. By default, only 2 KB of the original message is sent back. This setting 
corresponds with the GWIA’s --mudas switch. 


Forward Undeliverable Inbound Messages to Host: This setting lets you specify a host to 
which undeliverable messages are forwarded. 


When an IP address is specified rather than a DNS hostname, the IP address must be 
surrounded by sguare brackets [ ]. For example, [172.16.5.18]. 


This setting corresponds with the GWIA’s --fut switch. 


Undeliverable or Problem Messages: This setting lets you specify what you want the GWIA to 
do with problem messages. A problem message is an inbound or outbound message that the 
GWIA cannot convert properly. By default, problem messages are discarded. If you want to save 
problem messages, specify whether to move the messages to the problem directory (gwprob), 
send them to the postmaster, or do both. This setting corresponds with the GWIA’s --badmsg 
switch. 


IMPORTANT: Despite the field name (Undeliverable or Problem Messages), this setting does not 
apply to undeliverable messages. 


4 Click OK to save the changes. 


Configuring SMTP Dial-Up Services 


SMTP dial-up services can be used when you don't require a permanent connection to the Internet 
and want to periodically check for mail messages gueued for processing. Perform the following tasks 
in order to use SMTP dial-up services: 


+ “Setting up Internet Dial-Up Software” on page 767 
+ “Enabling Dial-Up Services” on page 767 
+ “Creating a Dial-Up Schedule” on page 768 


Setting up Internet Dial-Up Software 
The GWIA requires routing software to make the dial-up connection to the Internet. The GWIA 
cannot make this connection itself; it simply creates packets to hand off to the routing software. 


Enabling Dial-Up Services 


After you have the appropriate routing software in place, you can enable and configure the GWIA's 
dial-up services. 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Dial-Up Settings. 


Configuring Internet Services 767 


768 


Properties of GWIA 
LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Group) 


T Enable dial-up 


ETRN Host: 


ETRN Queue: 


Settings for Windows NT Remote Access Server 


Username: | 


Password: 


When dial-up is enabled, select the Scheduling page to set the times when dialing is allowed. 


Page Options... Cancel Apply Help 


3 Fillin the fields: 


Enable Dial-Up: Turn on this option to allow the GWIA to support SMTP dial-up service. This 
option is off by default. This setting corresponds with the GWIA’s --usedialup switch. 


ETRN Host: Specify the IP address, or DNS hostname, of the mail server (where your mail 
account resides) at your Internet Service Provider. You should obtain this address from your 
Internet Service Provider. This setting corresponds with the GWIA's --etrnhost switch. 


ETRN Queue: Specify your email domain as provided by your Internet Service Provider (for 
example, novell.com). This setting corresponds with the GWIA's --etrngueue switch. 


Username: The Username setting applies only if you are using a Windows Remote Access Server 
(RAS) and the GWIA is not running on the same server as the RAS. 


Specify the RAS Security user name. This setting corresponds with the GWIA’s --dialuser 
switch. 


Password: The Password setting applies only if you are using a Windows Remote Access Server 
(RAS) and the GWIA is not running on the same server as the RAS. 


Specify the RAS Security user's password. This setting corresponds with the GWIA’s --dialpass 
switch. 


4 Click OK to save the changes. 
Creating a Dial-Up Schedule 


After you enable the GWIA to use a dial-up connection, you need to schedule the times when the 
GWIA initiates a connection. 


NOTE: When the GWIA initiates a connection, it simply passes TCP/IP packets to the routing service 
that makes the Internet connection. The routing software, not the GWIA, is responsible for the actual 
dial-up or timeout. 


The GWIA uses profiles to enable you to assign different dial-up criteria to different times. For 
example, the default profile instructs the GWIA to initiate a dial-up connection whenever an 
outgoing message is placed in its send gueue. However, during the night, you might want the GWIA 
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to initiate a connection only after 30 outgoing messages have been gueued. In this case, you could 
create a profile that reguires 30 messages to be gueued and then apply the profile between the hours 
of 11 p.m. and 7 a.m. each day. 


To create a dial-up schedule: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Scheduling. 


Properties of GWIA 


Sunday 


Monday 


Tuesday 


Wednesday 
Thursday 
Friday 


Saturday LETTE TTT TT 


Default Profile 
=) Other Profiles 
HI current Profile 


Profiles: 


Page Options... Cancel | Apply Help 


3 Continue with the desired task: 
+ “Applying a Profile” on page 769 
+ “Creating a Profile” on page 769 
+ “Editing a Profile” on page 770 
+ “Deleting a Profile” on page 770 


Applying a Profile 
1 Selectthe profile in the Profiles list. 
2 Click the desired hour. 
Or 
Drag to select multiple hours. 


3 Click Apply to save the changes or click OK to save the changes and close the page. 


Creating a Profile 
1 Click Create to display the Create Profile dialog box. 
2 Fillinthe fields: 


Name: Specify a unique name for the profile. It must be different than any other name in the 
Profile list. 


Description: If desired, specify a description for the profile. 
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Oueue Thresholds: The gueue thresholds determine the criteria for the GWIA to initiate a dial- 
up connection to send messages. The settings do not apply to receiving messages (see Dial 
Parameters below). 


You can base the criteria on the number of messages in the send queue, the total size of the 
messages in the send queue, or the number of minutes to wait between connections. If necessary, 
you can use a combination of the three criteria. 


For example, if you set Messages to 20, Kilobytes to 100, and Minutes to 60, the GWIA instructs the 
routing service to initiate a dial-up connection when 20 messages have accumulated in the 
queue, when the total size of the messages in the queue reaches 100 K, or when 60 minutes have 
passed since the last connection. 


Dial Parameters: The dial parameters serve two purposes: 1) the GWIA passes the Redial 
Interval and Idle Time Before Hangup parameters to the routing service to use when initiating a 
connection to send outbound messages, and 2) the GWIA uses the Polling Interval parameter to 
determine how often the routing service should initiate a connection to check for inbound 
messages. The Polling Interval parameter is reguired. 


Specify the interval between redials (default is 30 seconds), the amount of time to wait before 
hanging up when there are no messages to process (default is 60 seconds), and the interval 
between polling for inbound messages (default is 0 minutes). 


3 Click OK to add the profile to the Profiles list. 
4 Toapply the profile to a block of time, see “Applying a Profile” on page 769. 


Editing a Profile 


1 Selectthe profile you want to edit, then click Edit to display the Edit Profile dialog box. 


2 Modify the desired fields. For information about each of the fields, click the Help button in the 
Edit Profile dialog box or see “Creating a Profile” on page 769. 


3 Click Apply to save the changes or click OK to save the changes and close the page. 


Deleting a Profile 


1 Selectthe profile you want to remove from the list, then click Delete. 


2 Click Apply to save the changes or click OK to save the changes and close the page. 


Enabling SMTP Relaying 


You can enable the GWIA to function as a relay host for Internet messages. The GWIA can relay 
messages received from all Internet hosts, or you can select specific hosts for which you allow it to 
relay. 

1 In ConsoleOne, right-click the GWIA object, then click Properties. 

2 Click Access Control > SMTP Relay Settings. 
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Properties of GWIA 
SMTPMIME + | LDAP | POPSMMAP4 | Server Directories | Reattach | Post Office Links | Group [>] 
l 
SMTP Relay Defaults 


C Allow message relaying 


(° Prevent message relaying 


I” Prevent messages larger than 1 4 Kbytes 
Exceptions 
Allow: 


Page Options... 


3 Under SMTP Relay Defaults, select whether you want to allow or prevent message relaying. 


If you prevent message relaying, you can define exceptions that allow message relaying for 
specific Internet hosts. This can also be done if you allow message relaying. We suggest that you 
select the option that enables you to define the fewest exceptions. 


4 To prevent relaying of messages larger than a specific size (regardless of the SMTP Relay Defaults 
setting), enable the Prevent Messages Larger Than option and specify the size limitation. 


5 To define an exception, click Create to display the New Internet Address dialog box. 


New Internet Address 


From o 


To: 
Cancel 
Help 


6 Fill in the following fields: 


From: Specify the Internet address that must be in the message’s From field for the exception to 
be applied. 


To: Specify the Internet address that must be in the message’s To field for the exception to be 
applied. This is also the address that the message is relayed to (in the case of an Allow 
exception). 


In both the From and To fields, you can use either an IP address or a DNS hostname, as shown in 
the following examples: 


novell.com 
10.1.1.10 


You can enter a specific address, as shown above, or you can use wildcards and IP address 
ranges to specify multiple addresses, as follows: 


* novell.com 


10:1.1:* 
10.1.1.10-15 
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NOTE: If the user for whom you want to define an exception has an alias, you must also define 
an exception for the user's alias. Ongoing use of aliases is not recommended. For more 
information, see Section 5.14, “Gateway Alias Migration,” on page 98. 


7 Click OK to add the exception to the list. 


8 When you are finished defining exceptions, click OK to save your changes. 


53.19 Using a Route Configuration File 
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The GWIA supports the use of a route configuration file (route. cfg) to specify destination SMTP 
hosts. This can be useful in situations such as the following: 


¢ You are using a relay host for outbound messages. However, you want some outbound 


messages sent directly to the destination host rather than the relay host. Whenever a message is 
addressed to a user at a host that is included in the route. cfg file, the GWIA sends the message 
directly to the destination host rather than the relay host. 


You need to send messages to SMTP hosts that are unknown to the public Domain Name 
Servers. The route.cfg file acts much like a hosts file to enable the GWIA to resolve addresses 
not listed in DNS. 


The GWIA uses external DNS servers but the server it is running on has an internal IP address. 
This prevents the GWIA from querying external DNS servers for its own internal domain names 
and receiving Host Down errors from the external DNS servers. 


You want to route messages through an SMTP host that checks for viruses (or performs some 
other task) before routing them to the destination host. 


To set up a route. cfg file: 


1 Create the route.cfg file as a text file in the domain\wpgate\ gwia directory. 
2 Add an entry for each SMTP host you want to send to directly. The entry format is: 


hostname address 


Replace hostname with a DNS hostname or an Internet domain name. Replace address with an 
alternative hostname or an IP address. For example: 


novell.com gwia.novell.com 
unixbox [172.16.5.18] 


If you use an IP address, it must be included in square brackets, as shown above. 


To reference subdomains, place a period (.) in front of the domain name as a wildcard character. 
For example: 


.novell.com gwia.novell.com 


Make sure to include a hard return after the last entry. 


3 Save the route.cfg file. 
4 Restart the GWIA. 
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Customizing Delivery Status Notifications 


The GWIA returns status messages for all outbound messages. For example, if a GroupWise user 
sends a message that the GWIA cannot deliver, the GWIA returns an undeliverable message to the 
GroupWise user. 


By default, the GWIA uses internal status messages. However, you can override the internal status 
messages by using a status.xm1 file that includes the status messages you want to use. 


1 Open the appropriate statusxx.xml file, located in the domain\wpgate\gwia directory. 


The domain\wpgate\gwia directory includes a statusxx.xml file for each language included in 
the downloaded GroupWise 2012 software image (for example, statusus.xml, statusde.xml, 
and statusfr.xml). 


2 Makethe modifications you want. 


The following sample code shows the elements and default text of the Undeliverable Message 
status: 


<STATUS MESSAGE type="undeliverableMessage" xml:lang="en-US" > 

<SUBJECT>Message status - undeliverable</SUBJECT> 

<MESSAGE BODY> 

<TEXT>\r\nThe attached file had the following undeliverable recipient (s) :\r\n</ 
TEXT> 
<RECIPIENT LIST format="\t%s\r\n" 

<SESSION TRANSCRIPT> 

<TEXT>\r\nTranscript of session follows:\r\n<TEXT> 
</SESSION TRANSCRIPT> 

<ATTACH ORIGINAL MSG></ATTACH ORIGINAL MSG> 
</MESSAGE BODY> 

</STATUS MESSAGE> 


You can modify text in the <SUBJECT> tag or in the <TEXT> tags. 
You can add additional <TEXT> tagsin the <MESSAGE BODY>. 
You can remove tags to keep an element from being displayed. For example, you could remove 
the <ATTACH ORIGINAL MSG></ATTACH ORIGINAL MSG> tags to keep the original message from 
displaying. 
You can use the following format characters and variables: 
+ \t:tab 
+ \r: carriage return 
+ \n: line feed 
+ %s: recipient name variable 
3 Save the file, renaming it from statusxx.xml to status.xml. 
4 Restart the GWIA. 


The GWIA now uses the status messages defined in the status. xml file rather than its internal status 
messages. 


Managing MIME Messages 


Multipurpose Internet Mail Extensions, or MIME, provides a means to interchange text in languages 
with different character sets. Multimedia email can be sent between different computer systems that 
use the SMTP protocol. MIME allows you to send and receive email messages containing: 


+ Images 


+ Sounds 
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+ Linux Tar Files 

+ PostScript 

+ FTP-able File Pointers 

+ Non-ASCII Character Sets 

+ Enriched Text 

+ Nearly any other file 
Because MIME handles such a variety of file types, you might need to customize aspects of MIME for 
your users. 

+ “Customizing MIME Preamble Text” on page 774 

+ “Customizing MIME Content-Type Mappings” on page 774 


Customizing MIME Preamble Text 


An ASCII file called preamble. txt is installed in the GWIA gateway directory 
(domain\wpgate\ gwia). This file, which is included with any MIME multipart message, is displayed 
when the message recipient lacks a MIME-compliant mail reader. 


The content of the preamble.txt file is a warning, in English, that the file is being sent in MIME 
format. If the recipient cannot read the message, he or she needs to either use a MIME-compliant mail 
reader or reply to the sender and request the message not be sent in MIME format. 


We recommend that you use the preamble. txt file so that those who read MIME messages coming 
from your GroupWise system and who lack MIME-compliant mail readers can understand why they 
cannot read the message and can take corrective action. 


If you choose to modify the preamble. txt file, be aware of the following considerations: 


+ The maximum file size is 1024 bytes (1 KB) 


+ This file is read by the GWIA when the GWIA starts, so if you change the file, you must restart 
the GWIA. 


The GWIA’s gateway directory also contains a preamble.a11 file. The preamble.al1 file includes 
the text of preamble . txt translated into several languages. If you anticipate that your users will be 
sending mail to non-English speaking users, you might want to copy the appropriate language 
sections from the preamble.a11 file to the preamble.txt file. 


The 1024-byte limit on the size of the preamble.txt file still applies, so make sure that the file does 
not exceed 1024 bytes. 


Customizing MIME Content-Type Mappings 


By default, the Group Wise client determines the MIME content-type and encoding for message 
attachments. If, for some reason, the GroupWise client cannot determine the appropriate MIME 
content-type and encoding for an attachment, the GWIA must determine the content-type and 
encoding. 


The GWIA uses a mimetype.cfg file to map attachments to the appropriate MIME content types. 
Based on an attachment's content type, the GWIA encodes the attachment using guoted-printable, 
Base64, or BinHex. Generally, guoted-printable is used for text-based files, Base64 for application 
files, and BinHex for Macintosh files. 
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The mimetype .cfg file includes mappings for many standard files. If necessary, you can modify the 
file to include additional mappings. If an attachment is sent that does not have a mapping in the file, 
the GWIA chooses guoted-printable, BinHex, or Base64 encoding. 


The mimetype. cfg file is also used for RFC-822 attachments, but UUencode or BinHex encoding is 
used regardless of the mapped content type. 


The mimetype. cfg file is located in the domain\wpgate\gwia directory. The following sections 
provide information you need to know to modify the file: 
+ “Mapping Format” on page 775 


+ “File Organization” on page 776 


Mapping Format 
Each mapping entry in the file uses the following format: 


content-type .ext|dtk-code|mac-ttttcccc [/parms] ["comment"] 


Element Description 


content-type The MIME content type to which the file type is being mapped (for example, text/ 
plain). You can omit the content-type only if you use the /parms element to 
explicitly define the encoding scheme for the file type. 


.ext|dtk-code|mac-ttttcccc The .ext element, dtk-code element, and mac-ttttcccc element are mutually 
exclusive. Each entry contains only one of the elements. 


+ ext: The file type extension being mapped to the content type (for 
example, .txt). 


+ dtk-code: The detect code being mapped to the content type (for example, 
dtk-1126). GroupWise assigns a detect code to each attachment type. 


+ mac-tttteccc: The Macintosh file type and creator application being 
mapped to the content type (for example, mac-textmswd). The first four 
characters (tttt) are used for the file type. The last four characters (cccc) are 
used for the creator application. You can use ???? for the creator portion 
(mac-text????) to indicate a certain file type created by any application. 


created by any application. 
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Element Description 


/parms Optional parameters that can be used to override the default encoding assigned 
to the MIME content type. Possible parameters are: 


+ /alternate 

¢ /parallel 

+ /base64 

+ /quoted-printable 
+ /quoted-printable-safe 
+ /uuencode 

+ /plain 

+ /binhex 

+ /nofixeol 

+ /force-ext 

+ /noconvert 

+ /apple-single 

+ /apple-double 


"comment" Optional content description 


File Organization 
The mimetype.cfg file contains the following four sections: 


Parameter-Override] 
Mac-Mappings] 
Detect-Mappings] 
Extension-Mappings] 


[Parameter-Override] 


The [Parameter-override] section takes priority over other sections. You can use this section to 
force the encoding scheme for certain file types. This section also contains defaults for sending 
various kinds of multipart messages. This is how the GWIA knows to put attachments into MIME 
Alternate/Parallel multiparts. 


[Mac-Mappings] 


The [Mac-mappings] section defines mappings for Macintosh file attachments. The following is a 
sample entry: 


application/msword mac-wdbnmswd "Word for Macintosh" 


Macintosh files have a type and creator associated with them. The first four characters are used for 
the type and the last four characters are used for the creator application. 


In the above example, the type is wdbn and the creator application is mswd. When a user attaches a 
Macintosh file to a message, the GWIA uses the appropriate entry in the [Map-mappings] section to 
map the file toa MIME content type and then encode the file according to the assigned encoding 
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scheme. Unless otherwise specified by the /parms element, BinHex 4.0 is used for the encoding. The 
following example shows how you can use the /parms element to change the encoding from the 
default (BinHex) to Base64: 


application/msword mac-wdbnmswd /base64 "Word for Macintosh" 


If necessary, you can use ???? for the creator portion (mac-text????) to indicate a certain file type 


This causes all Macintosh files to be encoded using Base64 rather than BinHex. 


[Detect-Mappings] 


GroupWise attempts to assign each attachment a detect code based on the attachment's file type. The 
[Detect-mappings] section defines the mappings based on these detect codes. The following is a 
sample entry: 


application/msword dtk-1000 "Microsoft Word 4" 


The GWIA uses the detect code to map to a MIME content type and then encode the file according to 
the assigned encoding scheme. If there is no mapping specified or if the file type cannot be 
determined, one of the other mapping methods, such as Extension-Mappings, are used. The detect 
codes associated with attachments are GroupWise internal codes and cannot be changed. 


[Extension-Mappings] 


If a mapping could not be made based on the entries in the [Mac-mappings] and [Detect- 
mappings] section, the GWIA uses the [Extension-mappings] section. The [Extension-mappings] 
section defines mappings based on the attachment's file extension. The following is a sample entry: 


application/pdf .pdf 


Configuring POP3/IMAP4 Services 


The Post Office Protocol 3 (POP3) and the Internet Message Access Protocol 4 (IMAP4) are standard 
messaging protocols for the Internet. The GroupWise GWIA can function as a POP3 or an IMAP 
server, allowing access to the Group Wise domain database and message store. With POP3 or IMAP 
server functionality enabled, GroupWise users can download their messages from GroupWise to any 
POP3/IMAP4-compliant Internet email client. To send messages, POP3/IMAP4 clients can identify 
the GWIA as their SMTP server. 


Complete the instructions in the following sections to set up POP3/IMAP4 service: 


+ Section 53.2.1, “Enabling POP3/IMAP4 Services,” on page 778 

+ Section 53.2.2, “Configuring Post Office Links,” on page 779 

+ Section 53.2.3, “Giving POP3 or IMAP4 Access Rights to Users,” on page 781 

+ Section 53.2.4, “Setting Up an Email Client for POP3/IMAP4 Services,” on page 781 


NOTE: Internal IMAP clients can connect directly to the POA, rather than connecting through the 
GWIA, as described in Section 36.2.3, “Supporting IMAP Clients,” on page 498. Direct connection 
provides faster access for internal IMAP clients. 
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53.2.1 Enabling POP3/IMAP4 Services 


By default, POP3 service and IMAP4 service are enabled. To verify that the services are enabled and 
configured appropriately: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click POP3/IMAP4 > Settings to display the POP3/IMAP4 Settings page. 


Properties of GWIA 
SMTPMIME + | LDAP 


POP3 
C Enable POP3 service 


Number of threads for POP3 connections: 


Number of threads for POP3 SSL connections: 


Enable intruder detection 


vV] Do not publish GroupWise information on an initial POP3 connection 


IMAP4 
C Enable IMAP4 service 


Number of threads for IMAP4 connections: 
Number of threads for IMAP4 SSL connections: 


Maximum number of items to read (in thousands) 


V] Do not publish GroupWise information on an initial IMAP4 connection 


3 To enable POP3, fill in the following fields: 


Enable POP3 Service: POP3 service is off by default. Select this option to allow POP3 
downloads from a GroupWise mailbox. It corresponds with the GWIA’s --pop3 switch. 


Number of Threads for POP3 Connections: The POP3 threads setting lets you specify the 
number of connections for POP3 download requests. The default is 10 threads. This setting 
corresponds with the GWIA’s --pt switch. 


Number of Threads for POP3 SSL Connections: Specify the maximum number of threads you 
want the GWIA to use for secure POP3 connections. This setting corresponds with the GWIA’s 
--sslpt switch. 


Enable Intruder Detection: Select this option to instruct the GWIA to log POP3 email clients in 
through the POA so that the POA’s intruder detection can take effect, if it has been configured in 
ConsoleOne (POA object > Client Access Settings > Intruder Detection). This setting corresponds 
with the GWIA’s --popintruderdetect switch. 


Do Not Publish GroupWise Information on an Initial POP3 Connection: This option 
suppresses the GroupWise version and copyright date information that the GWIA typically 
responds with when contacted by a POP client. It is enabled by default. This setting corresponds 
with the GWIA’s --nopopversion switch. 


4 To enable IMAP4, fill in the following fields: 


Enable IMAP4 Service: IMAP4 service is off by default. Select this option to allow IMAP4 
downloads and management of GroupWise messages. It corresponds with the GWIA’s --imap4 
switch. 


Number of Threads for IMAP4 Connections: The IMAP4 threads setting lets you specify the 
number of connections for IMAP4 reguests. The default is 10 threads. This setting corresponds 
with the GWIA’s --it switch. 
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Number of Threads for IMAP4 SSL Connections: Specify the maximum number of threads 
you want the GWIA to use for secure IMAP4 connections. This setting corresponds with the 
GWIA’s --sslit switch. 


Maximum Number of Items to Read: Specify in thousands the maximum number of items that 
you want the GWIA to download at one time. By default, the GWIA downloads 20,000 items ata 
time. For example, specify 15 to download 15,000 items at a time. The higher the setting, the 
more memory the GWIA uses to process a single folder. This setting corresponds with the 
GWIA's --imapreadlimit switch. See also the --imapreadnew switch. 


Do Not Publish GroupWise Information on an Initial IMAP4 Connection: This option 
suppresses the Group Wise version and copyright date information that the GWIA typically 
responds with when contacted by an IMAP client. It is enabled by default. This setting 
corresponds with the GWIA’s --noimapversion switch. 


5 Click OK to save the changes. 


The Post Office Agent (POA) can also be configured to support IMAP connections. You could offer 
IMAP services internally through the POA to provide faster response time for internal users, as 
described in Section 36.2.3, “Supporting IMAP Clients,” on page 498. However, IMAP is primarily 
available on the POA to support several third-party applications that communicate with the POA 
using IMAP, while the IMAP services provided by the GWIA provide the standard IMAP access used 
by users across the Internet. 


Configuring Post Office Links 


To function as a POP3/IMAP4 server, the GWIA requires access to each post office that contains 
mailboxes that will be accessed by a POP3/IMAP4 client. The GWIA can connect directly to the post 
office directory through a UNC path or mapped drive, or it can use a TCP/IP connection to the Post 
Office Agent (POA). By default, the GWIA uses the access mode that has been defined for the post 
office (Post Office object > GroupWise > Post Office Settings). If necessary, you can change the way the 
GWIA links to a post office. 


To change a post office link: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click Post Office Links > Settings. 


The Post Office list displays all post offices in your GroupWise system and how the GWIA 
connects to them 
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SMTPMIME + | LDAP | POPSMMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Group! 
| Settings 


Post Offices: 


Domain Post Office Access Mode 


Provo1 Legal AS 173.16.5.11 
Provo2 Sales jbd-win 
Provo2 ‘Support 173.16.5.13 
Provo3 Marketing Jbd-Inx 


Edit Link... 


Page Options... 


3 Inthe Post Offices list, select the post office whose link information you want to change, then 
click Edit Link to display the Edit Post Office Link dialog box. 


Edit Post Office Link 


Domain: Provo3 OK 
Post Office: Marketing 

- = Cancel 
Current Post Office Access: Client Server Only 
Access Mode: Client Server Only [7] 


Direct Access 
Gi 
tz 


Client/Server Access 


Host Name or IP Address: fiba-inx 
TCP Port: [1677 


4 Define the following properties: 


Access Mode: The access mode determines whether the GWIA uses client/server access, direct 
access, or both client/server and direct access to connect to the post office. With client/server and 
direct, the GWIA first tries client/server access; if client/server access fails, it then tries direct 
access. You can also choose to use the same access mode currently defined for the post office (on 
the Post Office object's Post Office Settings). The current access mode is displayed in the Current 
Post Office Access field. 


Direct Access: When connecting to the post office in direct mode, the GWIA can use the post 
office's UNC path (as defined on the Post Office object's Identification) or a mapped path that 
you enter. 


Client/Server Access: When connecting to the post office in client/server mode, the GWIA must 
know the hostname (or IP address) and port number of the Post Office Agent running against 
the post office. 


5 Click OK. 
6 Repeat Step 3 through Step 5 for each post office whose link you want to change. 
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Giving POP3 or IMAP4 Access Rights to Users 


Access to POP3/IMAP4 services is determined by the class of service in which they are a member. By 
default, all users are members of the default class of service, which gives them POP3 and IMAP4 
access. 


If you changed the default class of service to exclude POP3 or IMAP4 access rights, or if you defined 
additional classes of services that do not provide POP3 or IMAP4 access rights, you might want to 
evaluate your currently defined classes of service to ensure that they provide the appropriate POP3 
or IMAP4 access. For details, see Section 54.1, “Controlling User Access to the Internet,” on page 787. 


Setting Up an Email Client for POP3/IMAP4 Services 


With the GWIA setup as a POP3 and/or IMAP4 server, you can configure users’ email clients to 
download messages from Group Wise mailboxes. 


Most email clients are configured differently. However, all Internet clients need to know the 
following information: 


+ POP3/IMAP4 Server: The DNS hostname or IP address of the GWIA. 


+ Login Name: The user's GroupWise user ID. For POP3 clients, there are several user ID login 
options you can use to control how the GWIA handles the user's messages. For example, you 
can limit how many messages are downloaded each session. For more information, see “User ID 
Login Options” on page 781. 


* Password: The user's existing GroupWise mailbox password. POP3/IMAP4 services reguires 
users to have passwords assigned to their mailboxes. 


User ID Login Options 


With POP3 clients, users can add the options listed in the table below to the login name (GroupWise 
user ID) to control management of their mailbox messages. If used, these options override the POP3 
settings assigned through the user's class of service (see Section 54.1.2, “Creating a Class of Service,” 
on page 788). 


Login options are appended to the user ID name with a colon character (:) between the user ID name 
and the switches: 


Syntax: user ID:switch 
Example: User1:v=1 


You can combine options by stringing them together after the user ID and the colon without any 
spaces between the options: 


Syntax: user ID:switch1switch2 


Example: User1 :v=1sd1=10 
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The syntax for the user ID options is not case sensitive. Login options are not required. If you do not 
want to include any login options, just enter the user ID name in the text box, or following the USER 
command if you are using a Telnet application as your POP3 client. 


Option 


v=number between 1-31 


t=1-1000 


1=1-1000 


Explanation Example 


The v option defines the POP3 client's view number. If multiple User ID:v=1 
POP3 clients access the same GroupWise mailbox, each 

client must use a different view number in order to see a fresh 

mailbox. 


For example, if two POP3 clients access a mailbox and the 
first client downloads the unread messages, the second client 
cannot download the messages unless it is using a different 
view number than the first client. 


If this option is not used, the default value is 1. 


The d option deletes the messages from the GroupWise User ID:d 
mailbox after they have been downloaded to the POP3 client. 


The p option purges the messages from the GroupWise User ID:p 
mailbox after they have been downloaded to the POP3 client. 


The t option defines the download period, starting with the User ID:t=14 
current day. For example, if you specify 14, then only 

messages that are 14 days old or newer are downloaded. If 

this option is not used, the default value is 30 days. 


The n option downloads messages in RFC-822 format rather User ID:N 
than the default MIME format. 


The m option downloads messages in MIME format. This is User ID:M 
the default. 


The s option presets the file size when the STAT commandis User ID:$ 
executed. If the user mailbox contains a lot of messages or 

large messages, it can take a long time to calculate the file 

size. With this option, the STAT command always reports an 

artificial file size of 1, which can save time. 


The | option limits the number of messages to download for User ID:L=10 
each POP3 session. For example, if you want to limit the 

number of messages to 10, you enter 1=10. If this option is not 

used, the default value is 100 messages. 


Configuring LDAP Services 


The GWIA supports the Lightweight Directory Access Protocol (LDAP) standard. With LDAP 
enabled, the GroupWise GWIA functions as an LDAP server, allowing LDAP gueries for GroupWise 
user information contained in the GroupWise Address Book. You can also configure which 
GroupWise fields (Given Name, Last Name, Phone, and E-Mail) are visible to an LDAP guery. 


+ Section 53.3.1, “Enabling LDAP Services,” on page 783 


+ Section 53.3.2, “Configuring Public Access,” on page 784 
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IMPORTANT: For users to perform LDAP searches for GroupWise user information, they need to 
define the GroupWise Address Book as an LDAP directory in their email client. When doing so, they 
use the GWIA’s DNS hostname or IP address for the LDAP server address 


Enabling LDAP Services 


To enable and configure LDAP services for mail client access: 
1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click LDAP > Settings to display the LDAP Settings page. 


Properties of GWIA 


SMTPMIME -| LDAP POPSAMAP4 | Server Directories | Access Control v | Reattach | Post Office Links | Group? [>] 
| Settings 


Enable LDAP service 


Number of LDAP threads: [10 E 


LDAP context: [ 
(search root or search base) Example: O=Novell,C=U5 


LDAP referral URL: L B 
Example: Idap://Idap.provider.com 


To specify the visibility of certain GroupWise Fields (address information) and to set restrictions for the public directory 
searches, use the LDAP Public Access page. Click Access Control, then select the LDAP Public property page to make 
changes to these settings. 


3 Fillinthe fields: 


Enable LDAP Service: Turn on this option to allow LDAP gueries. LDAP service is off by 
default. This setting corresponds to the GWIA’s --Idap switch. 


Number of LDAP Threads: The LDAP Threads setting lets you specify the maximum number of 
threads that process LDAP gueries. The default is 10 threads. This setting corresponds with the 
GWIA’s --Idapthrd switch. 


LDAP Context: Use this option to limit the directory context in which the LDAP server searches. 
For example, if you want to limit LDAP searches to the Novell organization container located 
under the United States country container, enter O=Novell,C=US. This setting corresponds with 
the GWIA’s --Idapentxt switch. 


If you enter an LDAP context, you must make sure that users, when defining the directory in 
their email client, enter the same context (using the identical text you did) in the Search Base or 
Search Root field. 


You can leave the settings empty in both locations. 


LDAP Referral URL: Use this option to define a secondary LDAP server to which you can refer 
an LDAP query if the query fails to find a user or address in your GroupWise system. For this 
option to work, the requesting Web browser must be able to track referral URLs. This setting 
corresponds with the GWIA’s --Idaprefurl switch. 


4 Continue with the next section, Configuring Public Access. 
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After you have enabled LDAP services, you can configure which GroupWise fields are visible to 
LDAP searches and also set search restrictions. By default, no fields are visible. 


1 Ifthe GWIA object’s property page is not open, right-click the GWIA object, then click Properties. 


2 Click Access Control > LDAP Public Settings. 


Properties of GWIA 
SMTPMIME + | LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Group! G>] 
| LDAP Public Settings 
LDAP Defaults 
© Allow access 


(° Prevent access 


Visible Fields: 


GroupWise Field Visibility 
Given Name Not Visible 
Last Name Not Visible 
Phone Not Visible 
E-Mail Not Visible 


Limit Search 
Number of Entries to Return: 


How Many Seconds to Search: 


Idle Minutes Before Timeout: 


Page Options... 


3 Fillin the fields: 


LDAP Defaults: Select one of the following defaults for public access: Allow Access or Prevent 
Access. If you select Allow Access, the GroupWise fields (in the Visible Fields lists) default to Visible 
for an LDAP search. If you select Prevent Access, the GroupWise fields default to Not Visible. 


Visible Fields: You can override the default visibility for a GroupWise field (Given Name, Last 
Name, Phone, and E-Mail) by selecting the field and then clicking the appropriate visibility button 
(Visible or Not Visible). For example, if you have selected Allow Access as the LDAP default, but 
you don’t want users’ telephone numbers to be visible, you can mark the Phone field as Not 
Visible. 


Number of Entries to Return: Select the maximum number of entries to return. The default is 
100. 


How Many Seconds to Search: Select the maximum amount of time (in seconds) you want the 
GWIA to spend searching. The default is 120 seconds. 


Idle Minutes before Timeout: Specify the number of minutes to allow the search to continue 
without finding a matching address entry. The default is 5 minutes. 


4 Click OK to save the changes. 
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Configuring Paging Services 


The Group Wise GWIA includes the ability to send a GroupWise message to a pager through an 
Internet paging service provider. The GWIA’s paging service includes the following features: 


+ Smart forwarding: If a message has been replied to or forwarded before being sent to a pager, 
the GWIA identifies the original message and sends only it. 


+ Easy to read originator information: The GWIA sends the original From, Subject, and Message 
information to the pager, rather than cryptic Header information. 


+ User block control: By using the /l=length and /b=number switches on the message's To line, the 
sender can control the block length and number of blocks to send to the pager. By default, the 
GWIA sends 255 bytes per block (/1=255 /b=1). 


To set up and use paging services, complete the tasks in the following sections: 


+ Section 53.4.1, “Setting Up Paging,” on page 785 
+ Section 53.4.2, “Using Paging,” on page 786 


Setting Up Paging 


To set up the GWIA’s paging service, you need to create a non-GroupWise domain to represent the 
paging service and then use your GWIA to link your system to the non-GroupWise domain. The non- 
GroupWise domain enables GroupWise to correctly identify pager messages and route messages to 
the GWIA, which can then send the messages to the Internet. 

+ “Creating a Non-GroupWise Domain” on page 785 


* “Linking the GWIA to the Non-GroupWise Domain” on page 786 


Creating a Non-GroupWise Domain 


1 In ConsoleOne, right-click the GroupWise System object, click New, then click Non-GroupWise 
Domain to display the Create Non-GroupWise Domain dialog box. 


Create Non-GroupWise Domain 


Domain name: 


Time Zone: 
(GMT-05:00) Eastern Time (US 8 Canada) 


Link To Domain: 
Provot 


I Create another domain 


2 Fill in the following information: 


Domain Name: Provide the domain with a name such as Page. Users need to know the name 
when addressing pager messages. 


Time Zone: Select the time zone in which the GWIA is located. 
Link to Domain: Select the domain in which the GWIA is located. 
3 Click OK to create the domain. 
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Linking the GWIA to the Non-GroupWise Domain 


1 In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration to display the GroupWise 
Link Configuration tool. 


2 Inthe drop-down list, select the domain that owns the GWIA that you are using for this paging 
service. 


3 Inthe Outbound Links box, right-click the non-GroupWise domain, then click Edit. 


4 Click Yes to accept the domain path as the mapped path and display the Edit Domain Link 
dialog box. 


In the Link Type field, select Gateway. 
In the Gateway Link field, select the Internet Agent. 
In the Gateway Access String field, type -page. 


Click OK to save the information. 


© ON OO UW 


Click File > Exit > Yes to save your changes and exit the Link Configuration tool. 
10 Restart the GWIA. 


Using Paging 

To use paging, GroupWise users must address messages to the non-GroupWise domain, specifying 
the PIN number of the pager and the hostname of the paging service in the following format: 
domain:pin@paging service provider 

For example, 

page:123456789@skytel.com 

page:123456789@epage.arch.com 


By using the /l=length and /b=number switches on the message's To line, the sender can control the 
block length and number of blocks to send to the pager. For example, 


page:123456789Gepage.arch.com/1=128/b=4 
By default, the GWIA sends 255 bytes per block (/1=255 /b=1). 
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Managing Internet Access 


After you have configured the Internet services that you want the GWIA to provide in your 
GroupWise system, you need to take control of the information that flows in and out between your 
GroupWise system and the Internet. 

+ Section 54.1, “Controlling User Access to the Internet,” on page 787 

+ Section 54.2, “Blocking Unwanted Email from the Internet,” on page 798 

+ Section 54.3, “Tracking Internet Traffic with Accounting Data,” on page 805 


Controlling User Access to the Internet 


You can use the GroupWise GWIA’s Access Control feature to configure a user's ability to send and 
receive SMTP/MIME messages to and from Internet recipients and to access his or her mailbox from 
POP3 or IMAP4 email clients. In addition to enabling or disabling a user's access to features, you can 
configure specific settings for the features. For example, for outgoing SMTP/MIME messages, you 
can limit the size of the messages or the sites to which they can be sent. By default, there are no 
limitations. 


Access Control can be implemented at a user, distribution list, post office, or domain level. 
Choose from the following information to learn how to set up and use Access Control. 


+ Section 54.1.1, “Classes of Service,” on page 787 

+ Section 54.1.2, “Creating a Class of Service,” on page 788 

+ Section 54.1.3, “Testing Access Control Settings,” on page 794 

+ Section 54.1.4, “Maintaining the Access Control Database,” on page 796 


Classes of Service 


A class of service is a specifically defined configuration of GWIA privileges. A class of service 
controls the following types of access activities: 
+ Whether SMTP/MIME messages are allowed to transfer to and from the Internet 


+ Whether SMTP/MIME messages are allowed to transfer to and from specific domains on the 
Internet 


¢ The maximum size of SMTP/MIME messages that can transfer to and from the Internet 


+ Whether SMTP/MIME messages generated by GroupWise rules are allowed to transfer to the 
Internet 


+ Whether IMAP4 clients are allowed to access the GroupWise system 


+ Whether POP3 clients are allowed to access the GroupWise system, and if allowed, how 
messages to and from POP3 clients are managed by the GroupWise system 
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The default class of service, which all users belong to, allows incoming and outgoing SMTP/MIME 
messages, and allows POP3 and IMAP4 access. You can control user access, at an individual, 
distribution list, post office, or domain level, by creating different classes of service and adding the 
appropriate members to the classes. For example, you could create a class of service that limits the 
size of SMTP/MIME messages for a selected individual, distribution list, post office, or domain. 


Because you can assign membership at the user, distribution list, post office, and domain level, it is 
possible that a single user can be a member of multiple classes of service. This conflict is resolved 
hierarchically, as shown in the following table: 


Membershipassigned Overrides membership assigned 
to a user through a... to the user through the... 


domain * default class of service 

post office + default class of service 
* domain 

distribution list + default class of service 
* domain 


+ post office 


user + default class of service 
+ domain 


+ post office 


If a user’s membership in two classes of service is based upon the same level of membership (for 
example, both through individual user membership), the class that applies is the one that allows the 
most privileges. 


IMPORTANT: The GWIA uses the message size limit set for the default class of service as the 
maximum incoming message size for your GroupWise system. Therefore, you should set the 
message size for the default class of service to accommodate the largest message that you want to 
allow into your GroupWise system. As needed, you can then create other classes of service with 
smaller message size limits to restrict the size of incoming messages for selected users, distribution 
lists, post offices, or domains. Methods for restricting message size within your GroupWise system 
are described in Section 12.3.5, “Restricting the Size of Messages That Users Can Send,” on page 201. 


Attachments to incoming SMTP messages are included in the mime. 822 file, in addition to being 
attached to the message. Therefore, attachments contribute twice to the size of the overall message. 
Take this account when determining the maximum incoming message size for your GroupWise 
system. 


Creating a Class of Service 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click Access Control > Settings to display the Access Control Settings page. 
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Properties of GWIA 


5 Onthe SMTP Incoming tab, choose from the following options: 
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Inherit Access: Select this option if you want members of this class of service to inherit their 
SMTP Incoming access from a class of service assigned at a higher level. For example, a post 
office inherits the domain’s access. If the domain is not a member of a class of service, the post 
office inherits the default class of service. 


Allow Incoming Messages: Select this option to allow members of the class of service to receive 
email messages through the GWIA. You can use the Exceptions option to prevent messages from 
specific Internet sites. 


Prevent Incoming Messages: Select this option to prevent email messages coming from the 
Internet. You can use the Exceptions option to allow messages from specific Internet sites. 


NOTE: If a member of the class of service to allow or prevent has an alias, you must also add the 
member's alias to the class of service. Ongoing use of aliases is not recommended. For more 
information, see Section 5.14, “Gateway Alias Migration,” on page 98. 


Prevent Messages Larger Than: This option is available only if you chose Allow Incoming 
Messages or Prevent Incoming Messages. In the case of Prevent Incoming Messages, this option only 
applies to messages received from Internet sites listed in the Allow Messages From list. 


If you want to set a size limit on incoming messages, select the limit. 


Internet messages that exceed the limit are not delivered. The sender receives an email message 
indicating that the message is undeliverable and including the following explanation: 


Message exceeds maximum allowed size 


IMPORTANT: If you have also set a message size limit for your MTAs, as described in 
Section 42.2.1, “Restricting Message Size between Domains,” on page 642, make sure that the 
MTA message size limit is equal to or greater than the GWIA message size limit. 


Exceptions: This option is available only if you chose Allow Incoming Messages or Prevent 
Incoming Messages. 


Prevent Messages From: If you chose to allow incoming messages but you want to prevent 
messages from specific Internet sites (IP addresses or DNS hostnames), add the sites to the 
Prevent Messages From list. 


Allow Messages From: Conversely, if you chose to prevent incoming messages but you want to 
allow messages from specific Internet sites (IP addresses or DNS hostnames), add the sites to the 
Allow Messages From list. 


If you want to allow messages where the user name is blank, add Blank-Sender-User-ID to the 
Allow Messages From list. 


6 Click SMTP Outgoing, then choose from the following options: 
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Edit Class of Service 


comes 
SMTP Incoming | SMTP Outgoing || 1MAP4 | POPS 


SMTP Outgoing Defaults 


©) Allow outgoing messages 


© Prevent outgoing messages 


Prevent messages larger than! 1 |kbytes 


Rule-generated messages 


v] Allow replies 
v] Allow Forwards 


Inherit Access: Select this option if you want members of this class of service to inherit their 
SMTP Outgoing access from a class of service assigned at a higher level. For example, a post 
office inherits the domain’s access. If the domain is not a member of a class of service, the post 
office inherits the default class of service. 


Allow Outgoing Messages: Select this option to allow members of the class of service to send 
email messages over the Internet. You can use the Exceptions option to prevent messages from 
being sent to specific Internet sites. 


Prevent Outgoing Messages: Select this option to prevent members of the class of service from 
sending email messages over the Internet. You can use the Exceptions option to allow messages 
to be sent to specific Internet sites. 


Prevent Messages Larger Than: This option is available only if you chose Allow Outgoing 
Messages or Prevent Outgoing Messages. 


If you want to set a size limit on outgoing messages, specify the limit. 


Exceptions: This option is available only if you chose Allow Outgoing Messages or Prevent 
Outgoing Messages. 


If you chose to allow outgoing messages but you want to prevent messages from being sent to 
specific Internet sites (IP addresses or DNS hostnames), add the sites to the Prevent Messages To 
list. 


Conversely, if you chose to prevent outgoing messages but you want to allow messages to be 
sent to specific Internet sites (IP addresses or DNS hostnames), add the sites to the Allow 
Messages To list. 


Allow Replies: This option is available only if you chose Allow Outgoing Messages or Prevent 
Outgoing Messages. 


Turn on this option to allow the GWIA to send rule-generated replies to messages (such as 
vacation rule messages). 


In addition, you can use the /blockrulegenmsg startup switch to allow some types of rule- 
generated messages while blocking others. 


Exceptions: Click Exceptions to create a list of specific Internet addresses that are handled 
opposite to the Allow Replies setting. 


Allow Forwards: This option is available only if you chose Allow Outgoing Messages or Prevent 
Outgoing Messages. 
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EN 


Turn on this option to allow the GWIA to forward rule-generated messages (which can be a 
security issue). 


In addition, you can use the /blockrulegenmsg startup switch to allow some types of rule- 
generated messages while blocking others. 


Exceptions: Click Exceptions to create a list of specific Internet addresses that are handled 
opposite to the Allow Forwards setting. 


Click IMAP4, then choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
IMAP4 access from a class of service assigned at a higher level. For example, a post office 
inherits the domain’s access. If the domain is not a member of a class of service, the post office 
inherits the default class of service. 


Allow Access: Select this option to allow members of the class to send and receive messages 
with an IMAP4 client. 


Prevent Access: Select this option to prevent members of the class from sending and receiving 
messages with an IMAP4 client. 


Click POP3, then choose from the following options: 


Inherit Access: Select this option if you want members of this class of service to inherit their 
POP3 access from a class of service assigned at a higher level. For example, a post office inherits 
the domain's access. If the domain is not a member of a class of service, the post office inherits 
the default class of service. 


Allow Access: Select this option to allow members of the class to download their GroupWise 
messages to a POP3 client. 


Prevent Access: Select this option to prevent downloading GroupWise messages to a POP3 
client. 


Delete Messages from GroupWise Mailbox after Download: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded from a GroupWise Mailbox to a POP3 client 
are moved to the Trash folder in the GroupWise Mailbox. 


POP3 client users can enable this option by using the userID:d login option when initiating their 
POP session. For more information, see “User ID Login Options” on page 781. 


Purge Messages from GroupWise Mailbox after Download: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded from a GroupWise Mailbox are moved to the 
Mailbox's Trash folder and then emptied, completely removing the messages from the Mailbox. 


POP3 client users can enable this option by using the userID:p login option when initiating their 
POP session. For more information, see “User ID Login Options” on page 781. 


Convert Messages to MIME Format When Downloading: This option applies only if you 
selected Allow Access. 


If you turn on this option, messages downloaded to a POP3 client are converted to the MIME 
format. 


POP3 client users can enable this option by using the userID:m login option when initiating their 
POP session. They can disable it by using the userID:n login option; this converts messages to 
RFC-822 format. For more information, see “User ID Login Options” on page 781. 


High Performance on File Size Calculations: This option applies only if you selected Allow 
Access. 
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POP3 clients calculate the size of each message file before downloading it. Turn on this option if 
you want to assign a size of 1 KB to each message file. This eliminates the time associated with 
calculating a file’s actual size. 

POP3 client users can enable this option by using the userID:s login option when initiating their 
POP session. For more information, see “User ID Login Options” on page 781. 

Number of Days Prior to Today to Get Messages From: This option applies only if you selected 
Allow Access. 


Select the number of days to go back to look for GroupWise Mailbox messages to download to 
the POP3 client. The default is 30 days. 


POP3 client users can override this option by using the userID:t=x login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 781. 


Maximum Number of Messages to Download: This option applies only if you selected Allow 
Access. 


Select the maximum number of messages a user can download at one time from a GroupWise 
Mailbox to a POP3 client. The default is 100 messages. 


POP3 client users can override this option by using the userID:l=x login option when initiating 
their POP session. For more information, see “User ID Login Options” on page 781. 


9 Click OK to display the Select Group Wise Object dialog box. 


Select GroupWise Object 


| | | | | 
Object ID Domain Post Office First Name Last Name cca | 

jadharmapalan = Into 
Provo2 Sales Art Ramirez 
Provo1 Development Alfons Skoczylas Help 
Provo3 Marketing Benjii Gensomino 
Provo3 Marketing Charles Bolton 
Provo3 Marketing Flavian Haughey 
Provo3 Marketing Fred Thompson 
Provo1 Development Grace Smith 
Provo1 Development Heather Sarmiento 
Provo3 Marketing Janet DeSoto 
Provot Legal James Mallory 
Provo1 Development John Pangilinan © Post Offices 
Provo2 Sales Jason Stevens C Distribution Lists 
Provo3 Marketing Ishmael Yacoub 
Provo1 Development Matt Barnard = @ Users 


C Domains 


10 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. 


11 In the list, select the domain, post office, distribution list, or user you want, then click Add to add 
the object as a member in the class. You can Control+click or Shift+click to select multiple users. 
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SMTPMIME + | LDAP | POPSMMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi 


Class of Service: 


Default Class of Service 


Memberships: 


adharmapalan Marketing 
bgelsomino Marketing 
choiton Marketing 
fhaughey Marketing 
fthompson Marketing 
lidesoto Marketing 
jyacoub Marketing 
mlamaroux Marketing 
rsteadman Marketing 


Test 


Page Options... 


Member ID Post Office 


Marketing 


Domain 


12 To add additional domains, post offices, distribution lists, or users as members of the class of 
service, select the class of server, then click Add to display the Select GroupWise Object dialog 


box. 


13 Click OK (on the Settings page) when you are finished adding members. 


54.1.3 Testing Access Control Settings 


If you created multiple classes of service, you might not know exactly which settings are being 
applied to a specific object (domain, post office, distribution list, or user) and which class of service 
the setting is coming from. To discover an object’s settings, you can test the object’s access. 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 


2 Click Access Control > Settings to display the Access Control Settings page. 


Properties of GWIA 


SMTPMME + | LDAP | porsamapa | Server Directories | Access Control + | Reattach | Post Office Links | Group 


Class of Service: 


Default Class of Service 


Memberships: 
Member ID Post Office 


Marketing 


Domain 


adharmapalan Marketing 
bgelsomino Marketing 
cholton Marketing 
fhaughey Marketing 
fthompson Marketing 
lidesoto Marketing 
jyacoub Marketing 
mlamaroux Marketing 
rsteadman Marketing 


Test 


Page Options... 
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Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 
Provo3 


OK Cancel Apply Help 


3 Click Test to display the Select Group Wise Object dialog box. 


KS select GroupWise Object 


OK a 


Object ID Post Office 


adharmapalan |Provo3 Marketing 
Provo2 Sales 
Provot Development 
Provo3 Marketing 
Provo3 Marketing 
Provo3 Marketing 
Provo3 Marketing 
Provot Development 
Provo1 Development 
Provo3 Marketing 
Provot Legal 
Provot Development 
Provo2 Sales 
Provo3 Marketing 
Provo1 Development 


Alfons 
Benjii 
Charles 
Flavian 
Fred 
Grace 
Heather 
Janet 
James 
John 
Jason 
Ishmael 
Matt 


Cancel 


Dharmapalan 
Ramirez 
Skoczylas 
Gensomino 
Bolton 
Haughey 
Thompson 
Smith 
Sarmiento 
DeSoto 
Mallory 
Pangilinan 
Stevens 
Yacoub 
Barnard 


C Domains 

© Post Offices 

© Distribution Lists 
x] Users 


You use this dialog box to select the object (domain, post office, distribution list, or user) whose 


access you want to test. 


4 Select Domains, Post Offices, Distribution Lists, or Users to display the list you want. For example, 
if you want to see what access an individual user has, select Users. 


5 In the list, select the object you want to view, then click View Access. 


The tabbed pages show the access control settings for SMTP Incoming, SMTP Outgoing, IMAP4, 
and POP3 as they are applied to that user, distribution list, post office, or domain. 


View Access 


SMTP Outgoing | IMAP4 | POP3 
Setting 


Allow incoming SMTP messages by default 
Incoming SMTP messages can be any size 


Setting Source 


Class of Service: --- 
Domain: 
Post Office: 


Member ID: 


6 To viewthe source for a specific setting, select the setting in the Setting box 


The Setting Source fields display the class of service being applied to the object. It also displays 
the Member ID through which the class is being applied. 
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View Access 


SMTP Incoming | SMTP Outgoing | mapa | POP3 | 


Setting 
iG Tenia CMP re LUCE aaa 
Incoming SMTP messages can be any size 


Setting Source 


Class of Service: Marketing 
Domain: Provo3 
Post Office: Marketing 


Member ID: idesoto 


7 When you are finished, click OK. 


54.1.4 Maintaining the Access Control Database 


The Access Control database stores the information for the various classes of service you have 
created. If any problems occur with a class of service, you can validate the database to check for 
errors with the records and indexes contained in the database. If errors are found, you can recover the 
database. 


The Access database, gwac . db, is located in the domain\wpgate\gwia directory. 


¢ “Validating the Database” on page 796 
+ “Recovering the Database” on page 797 


Validating the Database 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click Access Control > Database Management to display the Database Management page. 
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SMTPMME ~ | LDAP | Popsamapa | Server Directories |} Reattach | Post Office Links | Groy 
| Database Management 


Validate Database 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Now... 


Recover Database 
Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 


result in loss of information. 
Recover Now... 


Page Options... Cancel Help 


3 Click Validate Now. 
4 After the database has been validated, click OK. 


5 If errors were found, see Recovering the Database below. 


Recovering the Database 


If you encountered errors when validating the database, you must recover the database. During the 
recovery process a new database is created and all intact records are copied to the new database. 
Some records might not be intact, so you should check the classes of services to see if any information 


was lost. 
1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click Access Control > Database Management to display the Database Management page. 


Properties of GWIA 


SMTPMME + | LDAP | POP31MAP4 | Server Directories | Reattach | Post Office Links | Grou 
| Database Management 


Validate Database 
Validate checks for physical consistency. If problems are found, you should perform a Recover. 


Validate Now... 


Recover Database 
Recover can be performed even when the database is in use. Any database inconsistencies will be corrected, but may 


result in loss of information. 
Recover Now... 


Page Options... Cancel Help 
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3 Click Recover Now. 
4 Click OK. 


5 Check your class of service list to make sure that it is complete. 


54.2 Blocking Unwanted Email from the Internet 


The GWIA includes the following features to help you protect your GroupWise system and users 
from unwanted email: 

+ Section 54.2.1, “Real-Time Blacklists,” on page 798 

+ Section 54.2.2, “Access Control Lists,” on page 800 

+ Section 54.2.3, “Blocked.txt File,” on page 800 

+ Section 54.2.4, “Mailbomb (Spam) Protection,” on page 801 

+ Section 54.2.5, “Customized Spam Identification,” on page 802 

+ Section 54.2.6, “SMTP Host Authentication,” on page 803 

+ Section 54.2.7, “Unidentified Host Rejection,” on page 804 


54.2.1 Real-Time Blacklists 


Organizations such as SpamCop (http://www.spamcop.net) provide lists of IP addresses that are 
known to be open relay hosts or spam hosts. If you want to use free blacklist services such as these, or 
if you subscribe to fee-based services, you must define the blacklist addresses for these services. The 
GWIA then uses the defined services to ensure that no messages are received from blacklisted hosts. 
The following sections provide information to help you define blacklist addresses and, if necessary, 
override a host address included in a blacklist. 


+ “Defining a Blacklist Address” on page 798 
+ “Overriding a Blacklist” on page 800 


NOTE: If you want to configure the GWIA to block a specific IP address or DNS hostname, add the 
address or hostname toa class of service, as described in Section 54.1, “Controlling User Access to the 
Internet,” on page 787. The Blacklist feature configures the GWIA to use blacklist services that 
provide real-time lists of many sites that are known to be bad. 


Defining a Blacklist Address 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click Access Control > Blacklists to display the Blacklists page. 
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Properties of GWIA 
SMTPMIME M LDAP | POP31MAP4 | Server Directories | v i| Reattach | Post Office Links Group 


Blacklist Addresses 


Page Options... 


The Blacklist Addresses list displays the addresses of all blacklists that the GWIA checks when it 
receives a message from another SMTP host. The GWIA checks the first blacklist and continues 
checking lists until the sending SMTP host’s IP address is found or all lists have been checked. If 
the sending SMTP host’s IP address is included on any of the blacklists, the message is rejected. 
If you have the GWIA’s logging level set to Verbose, the log file includes information about the 
rejected message and the referring blacklist. 


This list corresponds with the GWIA’s /rbl switch. 
3 Click Add to display the New Blacklist Address dialog box. 


New Blacklist Address 


Address: | 


For example, for SpamCop (http://www.spamcop.net), you would use the following address: 


bl.spamcop.net 


4 Type the blacklist address in the Address box, then click OK to add the address to the Blacklist 
Addresses list. 


5 If you have multiple blacklists in the Blacklist Addresses list, use the up-arrow and down-arrow to 
position the blacklists in the order you want them checked. The GWIA checks the blacklists in 
the order they are listed, from top to bottom. 


6 Click OK to save your changes. 
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Overriding a Blacklist 


In some cases, a blacklist might contain a host from which you still want to receive messages. For 
example, goodhost.com has been accidentally added to a blacklist but you still want to receive 
messages from that host. 


You can use the SMTP Incoming Exceptions list on a class of service to override a blacklist. For 
information about editing or creating a class of service, see Section 54.1.2, “Creating a Class of 
Service,” on page 788. 


Access Control Lists 


If you want to block specific hosts yourself rather than use a blacklist (in other words, create your 
own blacklist), you can configure a class of service that prevents messages from those hosts. You do 
this on the GWIA object's Access Control Settings page by editing the desired class of service to add 
the hosts to the Prevent Messages From exception list on the SMTP Incoming tab. For example, if you 
wanted to block all messages from badhost.com, you could edit the default class of service to add 
badhost.com to the list of prevented hosts. 


You can also create a list of hosts that you always want to allow messages from, so you can create 
your own white list. 


For information about editing or creating a class of service, see Section 54.1.2, “Creating a Class of 
Service,” on page 788. 


Blocked.txt File 


ConsoleOne creates a blocked. txt file that includes all the hosts that have been added to the Prevent 
Messages From exceptions list for the default class of service (see Section 54.1, “Controlling User 
Access to the Internet,” on page 787). 


You can manually edit the blocked. txt file to add or remove hosts. To maintain consistency for your 
system, you can also copy the list to other GWIA installations. 


To manually edit the blocked. txt file: 


1 Openthe blocked.txt file ina text editor. 
2 Addthe host addresses. 


The entry format is: 


address1 
address2 
address3 


where address is either a hostname or an IP address. You can block on any octet. For example: 


IP Address Blocks 

** * 34 Any IP address ending with 34 

172.16.*.34 Any IP address starting with 172.16 and ending with 34 
172.16.10-34.* Any IP address starting with 172.16 and any octet from 10 to 34 
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You can block on any segment of the hostname. For example: 


Hostname Blocks 
provo*.novell.com provo.novell.com provo1.novell.com provo2.novell.com 
* novell.com gw.novell.com (but not novell.com itself) 


There is no limit to the number of IP addresses and hostnames that you can block in the 
blocked.txt file 


3 Save the file as blocked. txt. 


Mailbomb (Spam) Protection 


Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can 
potentially harm your GroupWise messaging environment. You can use the settings on the SMTP 
Security page to help protect your GroupWise system from malicious or accidental attacks. 


To configure the SMTP security settings: 
1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Security Settings. 


Properties of GWIA 


LDAP | POP3IMAP4 | Server Directories | Access Control ~] Reattach | Post Office Links | Groug >] 
Security Setting 


Reject if PTR record does not exist 


Enable mailbomb protection 


Mailbomb Threshold 
[ + messages received within + seconds 


Mailbomb candidates that exceed this threshold will be discarded, 


3 Fillin the fields: 


Reject if PTR Record Does Not Exist: This setting lets you prevent messages if the sender’s host 
is not authentic. 


When this setting is turned on, the GWIA refuses messages from a smart host if a DNS reverse 
lookup shows that a PTR record does not exist for the IP address of the sender’s host. 


When this setting is turned off, the GWIA accepts messages from any host, but displays a 
warning if the initiating host is not authentic. 


Managing Internet Access 9801 


This setting corresponds with the GWIA’s /rejbs switch. 


+ Reject If PTR Record Does Not Match Sender’s Greeting: Select this option if you want 
the GWIA to reject messages from sending SMTP hosts where the sending host's PTR 
record does not match the information that the SMTP host sends out when it is initially 
contacted by another SMTP host. If the information does not match, the sending host might 
not be authentic. 


+ Flag Messages with an Invalid PTR Record as Junk Mail: Select this option to allow 
messages from unidentified sources to be handled by users' Junk Mail Handling settings in 
the GroupWise client rather than by being rejected by the GWIA. This gives users more 
control over what they consider to be junk mail. 


Enable Mailbomb Protection: Mailbomb protection is turned off by default. You can turn it on 
by selecting this option. 


Mailbomb Threshold: When you enable Mailbomb protection, default values are defined in the 
threshold settings. The default settings are 30 messages received within 10 seconds. You can 
change the settings to establish an acceptable security level. 


Any group of messages that exceeds the specified threshold settings is entirely discarded. If you 
want to prevent future mailbombs from the mailbomb sender, identify the sender’s IP address 
(by looking at the GWIA’s console) and then modify the appropriate class of service to prevent 
mail being received from that IP address (Access Control > Settings). For more information, see 
Section 54.1.2, “Creating a Class of Service,” on page 788. 


The time setting corresponds with the GWIA’s /mbtime switch. The message count setting 
corresponds with the /mbcount switch. 


4 Click OK to save the changes. 


For additional protective startup switches, see Section 59.6.13, “Mailbomb and Spam Security,” on 
page 878. 


54.2.5 Customized Spam Identification 


802 


1 In ConsoleOne, right-click the GWIA, then click Properties. 
2 Click SMTP/MIME > Junk Mail. 


DAP | POP31MAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupi! 


Junk Mail 


PT Flag any messages that contain x-spam-flag:yes or any of the following x-fields and values in the MIME header as 
junk mail: 


Page Options... Cancel 
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3 Select Flag Any Messages, then specify the strings in the text box. 


Anti-spam services use different indicators to mark potential spam. One might use a string of 
asterisks; the more asterisks, the greater the likelihood that the message is spam. Another might 
use a numerical value; the higher the number, the greater the likelihood that the message is 
spam. The following samples are taken from MIME headers of messages: 


X-Spam-Results: ***** X-Spam-Status: score=9 


Based on these samples, examples are provided below of lines that you could add to the list to 
handle the X-Spam tags found in the MIME headers of messages coming into your system. 


Example: X-Spam-Results: ***** 


This line marks as spam any message whose MIME header contained an X-Spam-Results tag 
with five or more asterisks. Messages with X-Spam-Results tags with fewer than five asterisks 
are not marked as spam. 


Example: X-Spam-Status: Yes 


This line marks as spam any message whose MIME header contained the X-Spam-Status tag set 
to Yes, regardless of the score. 


Example: X-Spam-Status: score=9 X-Spam-Status: score=10 


These lines marks as spam any message whose MIME header has the X-Spam-Status tag set to 
Yes and had a score of 9 or 10. X-Spam-Status tags with scores less than 9 are not marked as 
spam. 


You can add as many lines as necessary to the list to handle whatever message tagging your anti- 
spam service uses. 


4 Click OK to save your list of strings. 


The list is saved in the xspam. cfg file in the domain\wpgate\gwia directory. As described above, 
each line of the xspam. cfg file identifies an “X” header field that your anti-spam service is writing to 
the MIME header, along with the values that flag the message as spam. The GWIA examines the 
MIME header for any field listed in the xspam. cfg file. When a match occurs, the message is marked 
for handling by the GroupWise client Junk Mail Handling feature. 


SMTP Host Authentication 


The GWIA supports SMTP host authentication for both outbound and inbound message traffic. 


+ “Outbound Authentication” on page 803 
¢ “Inbound Authentication” on page 804 


Outbound Authentication 


For outbound authentication to other SMTP hosts, the GWIA requires that the remote SMTP hosts 
support the AUTH LOGIN authentication method. To set up outbound authentication: 


1 Include the remote SMTP host’s domain name an authentication credentials in the gwauth. cfg 
file, located in the domain\wpgate\gwia directory. The format is: 


domain_name authuser authpassword 
For example: 
smtp.novell.com remotehost novell 


2 If you have multiple SMTP hosts that require authentication before they accept messages from 
your system, create an entry for each host. Make sure to include a hard return after the last entry. 
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3 If you want to allow the GWIA to send messages only to SMTP hosts listed in the gwauth.cfg 
file, use the following startup switch: 


/forceoutboundauth 


With the --forceoutboundauth switch enabled, if a message is sent to an SMTP host not listed in 
the gwauth.cfg file, the sender receives an Undeliverable message. 


Inbound Authentication 


For inbound authentication from other SMTP hosts, you can use the --forceinboundauth startup 
switch to ensure that the GWIA accepts messages only from SMTP hosts that use the AUTH LOGIN 
authentication method to provide a valid GroupWise user ID and password. The remote SMTP hosts 
can use any valid GroupWise user ID and password. However, for security reasons, we recommend 
that you create a dedicated GroupWise user account for remote SMTP host authentication. 


54.2.7 Unidentified Host Rejection 
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You can have the GWIA reject messages from unidentified sources. The GWIA refuses messages 
from a host if a DNS reverse lookup shows that a “PTR” record does not exist for the IP address of the 
sender’s host. 


If you choose not to have the GWIA reject messages from unidentified hosts, it accepts messages 
from any host, but it displays a warning if the sender’s host is not authentic. 


To configure the GWIA to reject messages from unidentified hosts: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click SMTP/MIME > Security Settings to display the Security Settings page. 


Properties of GWIA 


| LDAP | POP3IMAP4 | Server Directories | Access Control v | Reattach | Post Office Links | Groug 


Reject if PTR record does not exist 


Enable mailbomb protection 


Mailbomb Threshold 
+ messages received within + seconds 


Mailbomb candidates that exceed this threshold will be discarded, 


3 Turn on the Reject Mail if Sender’s Identity Cannot Be Verified option. 
This setting corresponds with the GWIA’s --rejbs switch. 
4 Click OK to save your changes. 
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54.3 Tracking Internet Traffic with Accounting Data 


The GWIA can supply accounting information for all messages, including information such as the 
message's source, priority, size, and destination. 


The accounting file is an ASCII-delimited text file that records the source, priority, message type, 
destination, and other information about each message sent through the gateway. The file, which is 
updated daily at midnight (and each time the GWIA restarts), is called acct and is located in the 
xxx.prc directory. If no accountant is specified for the gateway in ConsoleOne, the file is deleted and 
re-created each day. Follow the steps below to set up accounting. 

+ Section 54.3.1, “Selecting an Accountant,” on page 805 

+ Section 54.3.2, “Enabling Accounting,” on page 806 

+ Section 54.3.3, “Understanding the Accounting File,” on page 807 


+ Section 54.3.4, “Generating an Accounting Report,” on page 808 


54.3.1 Selecting an Accountant 


You can select one or more GroupWise users to be accountants. Every day at midnight, each 
accountant receives an accounting file (acct) that contains information about the messages the 
gateway sent that day. 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > Gateway Administrators to display the Gateway Administrators page. 


Properties of GWIA 


LDAP | POP3AMAP4 | Server Directories | Access Control ~ | Reattach | Post Office Links | 
l 


Administrator Role 


Page Options... | Cancel | 


3 Click Add, browse for and select the user you want to add, then click OK to add the user to the 
list of administrators. 


4 Select the user in the list of administrators, then click Accountant. 
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Properties of GWIA 


LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise s { 
| Gateway Administrators 


hsarmiento Development Provo1 


-Administrator Role 


I Operator 

IV Accountant 

I Postmaster 

T Foreign Operator 


OK Cancel | Apply | Help 


5 Click OK to save the changes. 


54.3.2 Enabling Accounting 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > Optional Gateway Settings to display the Optional Gateway Settings page. 


Properties of GWIA 


POPSIMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise + | nosį 
| Optional Gateway Settings 


Directory Sync/Exchange: 


Accounting: 


Convert Status to Messages: 


Outbound Status Level: 
Enable Recovery: 
Retry Count: 

Retry Interval: 


Failed Recovery Wait: 


Network Reattach Command: 


Correlation Enabled: 


Correlation Age: 


None 


Pres 


[no 


[Undelivered 


Pres 
10 S| 1-99) 
5 4 seconds 


3600 El seconds 


Yes 


14 à days 


-HTTP Settings 


HTTP User Name: [ 


HTTP Password: Set Password 


Page Options... 


3 Set Accounting to Yes. 
4 Set Correlation Enabled to Yes. 
5 Click OK. 
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54.3.3 


Understanding the Accounting File 


The following is an Accounting file entry for a single event. Each field in the entry is described below. 


0,1/25/2010,21:58:39,3DE29CD2.14E:7:6953, 
Mail,2,Provo,Research, jsmith,48909,Meeting 
Agenda, Provo, GWIA, sde23a9f.001,MIME,hjonesenovell.com,1,2,11388,0 


Field 


Inbound/Outbound 


Date 
Time 


GroupWise message ID 


GroupWise message type 


GroupWise message priority 


GroupWise user's domain 


GroupWise user's post office 


GroupWise user's ID 


GroupWise user's account ID 


Message subject 


Gateway domain 
Gateway name 


Foreign message ID 


Foreign message type 


Foreign user's address 


Example 


O 


1/25/2012 
21:58:39 


3DE29CD2.14E:7:6953 


Mail 


Provo 


Research 


jsmith 


48909 


Meeting Agenda 


Provo 
GWIA 


sde23a9f.001 


MIME 


hjones@novell.com 


Description 


Displays I for inbound messages and 0 for 
outbound messages 


The date the message was processed. 
The time the message was processed. 


The unique GroupWise ID assigned to the 
message. 


Mail message, appointment, task, note, or 
phone message for outbound messages. 
Unknown for inbound messages. 


High priority = 1 Normal priority = 2 Low priority 
=3 


The domain in which the GroupWise user 
resides. 


The post office where the GroupWise user's 
mailbox resides. 


The GroupWise user's ID. For outbound 
messages, the GroupWise user is the 
message sender. For inbound messages, the 
GroupWise user is the message recipient. 


The GroupWise user's account ID. The 
account ID is assigned on the user's 
GroupWise Account page (User object > 
GroupWise > Account). 


The message's Subject line. Only the first 32 
characters are displayed. 


The domain where the GWIA resides. 
The GWIA's name. 


A unigue ID for outbound messages. The 
identifier before the period (sde23a9f) uniguely 
identifies a message. The identifier after the 
period (001) is incremented by one for each 
message sent. 


The message type (MIME, etc.) 


The foreign user's email address. For inbound 
messages, the foreign user is the message 
sender. For outbound messages, the foreign 
user is the message recipient. 
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Field Example Description 


Recipient count 1 The number of recipients. 


Attachment count 2 The number of attached files. The total count 
includes the message. 


Message size 11388 The total size, in bytes, ofthe message and its 
attachments. 
Other 0 Not used. 


54.3.4 Generating an Accounting Report 


You can use the Monitor Agent to generate a report based on the contents of this file. For more 
information, see Section 71.3.10, “Gateway Accounting Report,” on page 988. 
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55.1 


Configuring the GWIA 


For GWIA system requirements, see “Internet Agent System Reguirements” in the GroupWise 2012 
Installation Guide. For detailed instructions about installing and starting the GWIA for the first time, 
see “Installing the GroupWise Internet Agent” in the GroupWise 2012 Installation Guide. 


As your GroupWise system grows and evolves, you might need to modify your GWIA configuration 
to meet the changing needs of your system. 


+ Section 55.1, “Changing the Link Protocol between the GWIA and the MTA,” on page 809 
+ Section 55.2, “Configuring an Alternate GWIA for a Domain,” on page 810 

+ Section 55.3, “Binding the GWIA to a Specific IP Address,” on page 811 

+ Section 55.4, “Securing GWIA Connections with SSL,” on page 812 


Changing the Link Protocol between the GWIA and the MTA 


Originally, the GWIA and the MTA communicated by transferring message files through message 
queue directories, as shown in the following diagrams in GroupWise 2012 Troubleshooting 3: Message 
Flow and Directory Structure: 

+ “Mapped/UNC Link Open: Outbound Transfer to the Internet Successful” 


+ “Mapped/UNC Link Open: Inbound Transfer from the Internet Successful” 


Currently, you can also configure the GWIA so that it uses TCP/IP to communicate with the MTA, 
instead of message files, as shown in the following diagrams: 
+ “TCP/IP Link Open: Outbound Transfer to the Internet Successful” 


+ “TCP/IP Link Open: Inbound Transfer from the Internet Successful” 
During installation of the GWIA, you had the opportunity to choose between a direct link (message 
files) and a TCP/IP link. A direct link is appropriate when the GWIA and the MTA are on the same 


server. A TCP/IP link is preferable if they are on different servers. If you did not choose the TCP/IP 
link during installation, you can configure the GWIA to use TCP/IP at any time. 


If you want to enable TCP/IP communication between the GWIA and the MTA, use port number 7102 
or another available port number. If you do not want to enable TCP/IP communication, use 0 (zero) as 
the port number. 


1 In ConsoleOne, right-click the GWIA, then click Properties. 
2 Click GroupWise > Network Address. 
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Properties of GWIA 


LDAP | POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise v NDS / 
Network Address 


TCPAP Address: libd-nw 


IPX/SPX Address: | 
1 Bind Exclusively to TCPAP Address 


SSL SSL Port 
Message Transfer: Disabled ¥ | 


HTTP: Disabled x] 


SMTP: Disabled 7 | 


Disabled x] 


Disabled 7 | 


Disabled 7 | 


Page Options... Cancel | Apply | Help | 


3 Inthe TCP/IP Address field, click Edit, specify the IP address of the server where the GWIA is 
running, then click OK to return to the Network Address page. 


4 Inthe Message Transfer Port field, specify a unique port number; for example, 7102. 
5 Click OK to save the new link configuration for the GWIA. 
ConsoleOne then notifies the GWIA and MTA to restart using the new link protocol. 


55.2 Configuring an Alternate GWIA for a Domain 
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By configuring the GWIA to communicate with the MTA by way of TCP/IP, you can configure an 
alternate GWIA for a domain, so that if the domain’s primary GWIA goes down, the MTA can fail 
over to another GWIA in your GroupWise system until the primary GWIA is up and running again. 
This feature is especially useful in large GroupWise systems with multiple GWIAs that handle a lot 
of Internet messages. 


1 Make sure that you have configured the GWIAs for TCP/IP, as described in Changing the Link 
Protocol between the GWIA and the MTA. 


2 In ConsoleOne, right-click the Domain object, then click Properties. 
3 Click GroupWise > Internet Addressing. 
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Properties of Provoi 


NDS Rights v | Other | Rights to Files and Folders 


Override Preferred Address format: 
r 


Defined at: Corporate Mail 


Allowed Address Formats 


Defined at: Corporate Mail 


Internet domain name: 


Defined at: Corporate Mail 
I For incoming mail, recipients are known exclusively by this Internet domain name 


Internet Agent for outbound SMTP/MIME messages: 


Defined at: Corporate Mail 


Alternate Internet Agent for outbound SMTPMIME messages: 
<None> à 


Page Options... | Cancel | 


4 Inthe Alternate Internet Agent for Outbound SMTP/MIME Messages field, select an GWIA as an 
alternate for this domain. 


5 Click OK to save your changes. 


The MTA always tries to transfer outbound Internet messages to the primary GWIA first, so after an 
outage the primary GWIA automatically resumes its normal processing for the domain. 


55.3 Binding the GWIA to a Specific IP Address 


By default, the GWIA binds to a specified IP address when the server where it runs uses multiple IP 
addresses. The specified IP address is associated with all ports used by the agent. Without an 
exclusive bind, the GWIA binds to all IP addresses available on the server. 


To turn off the exclusive bind: 


1 In ConsoleOne, browse to and right-click the GWIA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 
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55.4 


55.4.1 


Properties of GWIA 


LDAP | POPSAMAP4 | Server Directories | Access Control -| Reattach | Post Office Links | GroupWise v | NDS { 
| Network Address 


TCP/IP Address: 172.16.5.18 
IPX/SPX Address: 


[M] Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7102] Disabled x| 


HTTP: 9850 [Disabled v | 


SMTP: 25) (Disabled v| 


1108 [Disabled x] 9958 


0 143) | Disabled x] 9931 


3898) [Disabled v| [ 636]8) 


JJ 


3 Deselect Bind Exclusively to TCP/IP Address, then click OK to save your change. 


You can use the /ip startup switch in the GWIA startup file to establish an exclusive bind to the 
specified IP address. If you have used this switch in the GWIA startup file, remove it to turn off 
the exclusive bind. 


Securing GWIA Connections with SSL 


The GWIA can use the SSL (Secure Socket Layer) protocol to enable secure connections to other 
SMTP hosts, POP/IMAP clients, and the GWIA Web console. For the GWIA to do so, you must ensure 
that it has access to a server certificate file and that you have configured the connection types (SMTP, 
POP, IMAP, HTTP) you want secured through SSL. The following sections provide instructions: 


+ Section 55.4.1, “Defining the Certificate File,” on page 812 
+ Section 55.4.2, “Defining Which Connections Use SSL,” on page 813 


Defining the Certificate File 


To use SSL, the GWIA reguires access to a server certificate file and key file. The GWIA can use any 
Base64/PEM or PFX formatted certificate file located on its server. If the GWIA’s server does not have 
a server certificate file, you can use the GroupWise Generate CSR utility to help you obtain one. For 
information, see Section 5.16.4, “GroupWise Generate CSR Utility (GWCSRGEN),” on page 104. 


To define the certificate file and key file that the GWIA will use: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > SSL Settings to display the SSL Settings page. 
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55.4.2 


Properties of GWIA 


Certificate file: 


SSL key file: 


Set Password 


Page Options... | Cancel | 


For background information about certificate files and SSL key files, see Section 83.2, “Server 
Certificates and SSL Encryption,” on page 1107. 


By default, the GWIA looks for the certificate file and SSL key file in the same directory where 
the GWIA executable is located, unless you provide a full path name. 


3 Fillinthe Certificate File, SSL Key File, and Set Password fields: 


Certificate File: Specify the server certificate file that the GWIA will use. The certificate file must 
be in Base64/PEM or PFX format. This setting corresponds to the GWIA's --certfile switch. 

SSL Key File: Specify the key file associated with the certificate. The key file must be password 

protected in order for SSL to function correctly. If the private key is included in the certificate file 
rather than in a separate key file, leave this field blank. This setting corresponds to the GWIA’s - 
-keyfile switch. 


Set Password: Click Set Password to specify the password for the key. If the key does not reguire 
a password, do not use this option. This setting corresponds to the --keypasswd switch. 


4 If you want to define which connections (HTTP, SMTP, POP3, or IMAP4) use SSL, click Apply to 
save your changes, then continue with the next section, Section 55.4.2, “Defining Which 
Connections Use SSL,” on page 813. 


Or 


Click OK to save your changes. 


Defining Which Connections Use SSL 


After you define the GWIA's certificate and key file (see Section 55.4.1, “Defining the Certificate File,” 
on page 812), you can configure which connections you want to use SSL. You can enable SSL 
connections to other SMTP hosts and the GWIA Web console, which means that an SSL connection is 
used if the other SMTP host or the Web browser (running the Web console) supports SSL. You can 
also enable or reguire SSL connections to POP3, IMAP4, and LDAP clients. If SSL is enabled, an SSL 
connection is used if the client supports SSL; if SSL is reguired, only SSL connections are accepted. 


For more information about POP3 and IMAP4 clients, see Section 53.2, “Configuring POP3/IMAP4 
Services,” on page 777. For more information about LDAP clients, see Section 53.3, “Configuring 
LDAP Services,” on page 782. 
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To configure connections to use SSL: 


1 In ConsoleOne, if the GWIA object's property pages are not already displayed, right-click the 


GWIA object, then click Properties. 


2 Click GroupWise > Network Address to display the Network Address page. 


Properties of GWIA 


LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise ~ | NDS/ 
| Network Address 


TCP/IP Address: 172.16.5.18 
IPX/SPX Address: 


[M] Bind Exclusively to TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7102 (3 Disabled x] 


HTTP: 985018) Disabled x] 
SMTP: 258) [Disabled w| 


1108 [Disabled v| | 9358 


14318) [Disabled v| [| 993]8) 


39/8 [Disabled v| [| 636(8 


JC Ca Ce 


3 Configure the SSL settings for the following connections: 


Message Transfer: Select Required if you want the GWIA to use a secure connection to the MTA. 
The MTA must also be enabled to use SSL. 


HTTP: Select Enabled to enable the GWIA to use a secure connection when passing information 
to the GWIA Web console. The Web browser must also be enabled to use SSL; if it is not, a non- 
secure connection is used. 


SMTP: Select from the following options to configure the GWIA’s use of secure connections to 
other SMTP hosts. The SMTP host must also be enabled to use SSL or TLS (Transport Layer 
Security); if it is not, a non-secure connection is used. All connections are through port 25. 


+ Disabled: The GWIA does not support SSL connections. 


+ Enabled: The other SMTP host determines whether an SSL connection or non-SSL 
connection is used with an SSL-enabled GWIA. 


+ Required: The GWIA forces SSL connections. Non-SSL connections are denied. 


POP: Select from the following options to configure the GWIA's use of secure connections to 
POP clients: 


+ Disabled: The GWIA does not support SSL connections. All connections are non-SSL 
through port 110. 


+ Enabled: The POP client determines whether an SSL connection or non-SSL connection is 
used with an SSL-enabled GWIA. An SSL-enabled GWIA allows SSL connections on port 
995 and non-SSL connections on port 110. 


+ Required: The GWIA forces SSL connections on port 995 and port 110. Non-SSL 
connections are denied. 


GroupWise 2012 Administration Guide 


IMAP: Select from the following options to configure the GWIA’s use of secure connections to 
IMAP clients: 


+ Disabled: The GWIA does not support SSL connections. All connections are non-SSL 
through port 143. 


+ Enabled: The IMAP client determines whether an SSL connection or non-SSL connection is 
used with an SSL-enabled GWIA. An SSL-enabled GWIA allows SSL connections on port 
993 and non-SSL connections on port 143. 


+ Required: The GWIA forces SSL connections on port 993 and port 143. Non-SSL 
connections are denied. 
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56.1 


Monitoring the GWIA 


You can monitor the operation of the GWIA by using several different diagnostic tools. Each provides 
important and helpful information about the status of the GWIA and how it is currently functioning. 
Choose from the titles listed below to learn more about how to monitor the operations of the GWIA. 

+ Section 56.1, “Using the GWIA Server Console,” on page 817 

+ Section 56.2, “Using the GWIA Web Console,” on page 827 

+ Section 56.3, “Using Novell Remote Manager,” on page 829 

+ Section 56.4, “Using an SNMP Management Console,” on page 829 

+ Section 56.5, “Assigning Operators to Receive Warning and Error Messages,” on page 832 

+ Section 56.6, “Using GWIA Log Files,” on page 833 

+ Section 56.7, “Using GWIA Error Message Documentation,” on page 837 

+ Section 56.8, “Employing GWIA Troubleshooting Techniques,” on page 837 

+ Section 56.9, “Stopping the GWIA,” on page 838 


Using the GWIA Server Console 


The GWIA console provides information, status, and message statistics about the GWIA to help you 
assess its current functioning. 


-inix 
File Configuration Log Statistics Help 
Provo2. GWIA Up Time: 7 Days 2Hrs 6 Mins 
r Status T Message Statistics 
Processing \ Out 10 Minutes In 10 Minutes 
A | Normal 0 0 0 0 
Groupwise Open EER 0 o 0 0 
Other Link Open | Passthrough 0 0 0 0 
Program Idle 30 | Convert Errors 0 0 0 0 
Communication 0 0 0 0 
LogLevel Normal Total Bytes 0.0 0.0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - å postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running Be 


Linux: You must use the --show startup switch in order to display the Linux GWIA server console. 


Windows: _ If the GWIA is running as a Windows service under the Local System User, it is displayed on the 
desktop only if the Allow Service to Interact with Desktop option was selected during installation or 
has been configured on the GWIA service’s General property page. 
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56.1.1 


56.1.2 


Refer to the following sections for information about the specific sections and functionality included 
in the console: 


+ Section 56.1.1, “Description,” on page 818 
+ Section 56.1.2, “Status,” on page 818 


+ 


Section 56.1.3, “Statistics,” on page 819 


+ 


Section 56.1.4, “Logging,” on page 825 


+ 


Section 56.1.5, “Menu Functions,” on page 826 


Description 


The description section of the console identifies the GWIA and displays how long its has been 
running. 


@ GroupWise Internet Agent j zipi xi 


Fie Configuration Log Statistics Help 


Provo2.GWIA Up Time: 7 Days 2Hrs 6 Mins 
Status r Message Statistics 
Processing \ Out 10 Minutes In 10 Minutes 
2 Normal 0 0 0 0 
Groupwise Open Status 0 o 0 0 
Other Link Open Passthrough 0 0 0 0 
Progam Idle 20 | | Convert Errors 0 0 0 0 
Communication 0 0 0 0 
Log Level Normal Total Bytes 0.0 0.0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - å postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running he 


Domain.Gateway: Displays the domain and GWIA names. 


Up Time: Displays the total length of time the GWIA has been running. If the GWIA terminates 
unexpectedly (such as in a power outage), the Up Time display does not reset to 0 (zero). It shows the 
total time elapsed since the GWIA was last loaded after a proper termination. 


Description: Displays any descriptive information provided on the GWIA object’s Identification 
page (GWIA object > GroupWise > Identification). 


Status 


The Status section of the console provides a quick look at the GWIA’s current message processing 
activity, network connectivity, and information logging level. 
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56.1.3 


@ GroupWise Internet Agent J -loj x| 


File Configuration Log Statistics Help 


Provo2.GWIA UpTime: 7 Days 2Hrs 6 Mins | 
Status j r Message Statistics 
Processing \ Out 10 Minutes In 10 Minutes 
s Normal 0 0 0 0 
Groupwise Open Status 0 o 0 0 
Other Link Open Passthrough 0 0 0 0 
Program Idle 30 Convert Errors 0 0 0 0 
Communication 0 0 0 0 
Log Level Normal Total Bytes 00 0.0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 

10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 980 LDAP server running E 


Processing: Displays a rotating bar if the GWIA is running. If there is no bar, or if the bar is stationary 
for more than one minute, the GWIA is not running. 


GroupWise: Displays whether the GWIA's network connection is OPEN or CLOSED. This network 
connection is the GWIA’s only link to GroupWise. The status indicates whether or not the GWIA can 
write to the wpcsin directory and access the wpcsout directory. The GWIA does a scan each cycle to 
see if these directories exist. If the status is CLOSED, the GWIA attempts to reattach to the network. 


It is normal for this field to display the word CLOSED for a minute or so after you start the GWIA. 
However, if the connection remains CLOSED, look for the wpcsin and wpcsout directories. If they 
are not created yet, start the Message Transfer Agent (MTA). 


Other Link: This field does not apply to the GWIA. It always says OPEN. 


Program: Displays the processing cycle. You can use the Gateway Time Settings page (GWIA object > 
GroupWise > Gateway Time Settings) to adjust the processing cycle. 


Log Level: Displays the logging level the GWIA is currently using. The logging level determines how 
much data is displayed on the message portion of this screen and written to the log file. You can use 
the console menu options to override the default setting for the current session. For information, see 


Statistics 


The Statistics section of the console can display five different sets of information: 


+ “Message Statistics” on page 819 

+ “SMTP Service Statistics” on page 820 
+ “POP Service Statistics” on page 822 

+ “IMAP Service Statistics” on page 823 
+ “LDAP Service Statistics” on page 825 


Message Statistics 


The Message Statistics section of the console, shown below, is the default statistics section displayed 
by the GWIA console. 
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@ GroupWise Internet Agent E -10/x| 


File Configuration Log Statistics Help 


Provo2.Gwlé UpTime: 7 Days 2His 6 Mins | 
Status ) r Message Statistics 
Processing \ Out 10 Minutes In 10 Minutes 
s Normal 0 0 0 0 
Groupwise Open Status 0 o 0 0 
Other Link Open Passthrough 0 0 0 0 
Program Idle 30 Convert Errors 0 0 0 0 
Communication 0 0 0 0 
Log Level Normal Total Bytes 0.0 0.0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 

10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warming - 4 postmaster must be set for this gateway. 
10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running E 


Message Statistics shows the number of inbound and outbound messages processed by the GWIA. 
The Out and In columns display the cumulative message totals and the 10 Minutes column display 
snapshot totals for the last ten minutes. You change the time interval of the 10 Minutes column in 
ConsoleOne. For instructions, see Section 57.2.2, “Increasing Polling Time,” on page 841. 


Normal: Displays the number of inbound and outbound messages processed by the GWIA. 


Status: Displays the number of inbound and outbound status messages processed by the GWIA. The 
amount of status message traffic depends on the Outbound Status level (GWIA object > GroupWise > 
Optional Gateway Settings). If the Outbound Status level is set to Full, more status messages are 
generated. If the Outbound Status level is set to Undelivered, fewer status messages are generated. 


Passthrough: Displays the number of inbound and outbound passthrough messages the GWIA has 
processed. 


Convert Errors: Outbound messages are converted from GroupWise format to MIME or RFC-822 
format. Inbound messages are converted to GroupWise format. This field displays the number of 
inbound and outbound messages that the GWIA could not convert. 


Communication: Displays the number of communication errors encountered by the GWIA. 


Total Bytes: Displays the total number of bytes of inbound and outbound messages processed by the 
GWIA. 


SMTP Service Statistics 


The SMTP Service Statistics section, shown below, includes only the information for messages 
processed by the GWIA’s SMTP daemon. 
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@ Group Wise Internet Agent E -loj x| 


Fie Configuration Log Statistics Help 


Provo2.Gwlé, Up Time: 7 Days 2 Hrs 10Mins | 
Status [ SMTP Service Statistics 
Procassng \ | Messages Sent O Messages Received 0 
Groupwise Open | Send Threads 0:8 Receive Threads 0:16 
Other Link Open MX Lookup Errors O0 Unknown Hosts 0 
TCP/IP Read Errors 0 TCP/IP Write Errors 0 
Program Idle 21 | | Hosts Down 0 Connections Denied 0 
Log Level Normal Message Size Denied 0 Relaying Denied 0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 
10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running = 


Messages Sent: Displays the total number of SMTP messages sent by the GWIA during its current up 
time. 


Send Threads: The first number displays the number of threads currently being used to send SMTP 
messages. The second number displays the number of threads still available to the GWIA for sending 
SMTP messages. This is the total number of assigned send threads (by default, 8) minus the currently 
used threads. You can change the total number of assigned SMTP send threads in ConsoleOne 
(GWIA object > SMTP/MIME > Settings). For more information, see Section 53.1.1, “Configuring Basic 
SMTP/MIME Settings,” on page 757. 


Messages Received: Displays the total number of SMTP messages received by the GWIA during its 
current up time. 


Receive Threads: The first number is the number of threads currently being used to receive SMTP 
messages. The second number is the number of threads still available to the GWIA for receiving 
SMTP messages. This is the total number of assigned receive threads (by default, 16) minus the 
currently used threads. You can change the total number of assigned SMTP receive threads in 
ConsoleOne (GWIA object > SMTP/MIME > Settings). For more information, see Section 53.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 757. 


MX Lookup Errors: To resolve hostnames to IP addresses, the GWIA performs MX record lookups in 
DNS. This field displays the number of MX record lookups that failed. 


Unknown Hosts: Displays the number of SMTP hosts that the GWIA could not establish a 
connection with because the hostname could not be resolved to an IP address. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the GWIA. A TCP read 
error occurs if the GWIA connects successfully to another SMTP host but is unable to process a TCP 
read command during the message transfer. 


TCP/IP Write Errors: Displays the number of TCP write errors encountered by the GWIA. A TCP 
write error occurs if the GWIA connects successfully to another SMTP host but is unable to process a 
TCP write command during the message transfer. 


Hosts Down: Displays the number of SMTP hosts that the GWIA could not establish a connection 
with in order to send or receive messages. The GWIA was able to resolve the hostname to an IP 
address, but the connection could not be established. 


Monitoring the GWIA 821 


822 


Connections Denied: Displays the number of connections denied by the GWIA. A connection is 
denied if the host is blocked through: 


+ A Class of Service (GWIA object > Access Control > Settings). For more information, see 
Chapter 54.1, “Controlling User Access to the Internet,” on page 787. 

+ A blacklist (GWIA object > Access Control > Blacklists). For more information, see Chapter 54.2, 
“Blocking Unwanted Email from the Internet,” on page 798. 

+ The Reject Mail if Sender’s Identity Cannot Be Verified setting (GWIA object > SMTP/MIME > 
Security Settings), if it is enabled and the sender’s identity cannot be verified. For more 
information, see Section 54.2.4, “Mailbomb (Spam) Protection,” on page 801. 


Message Size Denied: Displays the number of SMTP messages that the GWIA did not send or 
receive because they exceeded the maximum message size. You can change the maximum message 
size in ConsoleOne (GWIA object > Access Control > Settings > edit class of service > SMTP Incoming 
tab or SMTP Outgoing tab). For more information, see Section 54.1, “Controlling User Access to the 
Internet,” on page 787. 


Relaying Denied: Displays the number of relay messages denied by the GWIA. A relay message is 
denied for the following reasons: 


+ The GWIA is not enabled as a relay host (GWIA object > Access Control > SMTP Relay Settings). 
For more information, see Section 53.1.8, “Enabling SMTP Relaying,” on page 770. 


* The relay message could not be authenticated. 


POP Service Statistics 


The POP Service Statistics section, shown below, provides information about the POP activity handled 
by the GWIA. 


-inix 
File Configuration Log Statistics Help 

Provo2.Gwlé, Up Time: 7 Days 2 Hrs 11 Mins ] 
[Status — -- POP Service Statistics 

Processing l Total Sessions 0 Messages Sent 0 

Berio Or Active Sessions 0 Normal Threads 0:10 

j Idle Sessions 0 Secure Threads 0:0 

Other Link Open Unknown Users 0 Authentication Errors 0 

Program Idle 18 | | Retrieve Errors 0 Conversion Errors 0 

TCP/IP Read Errors 0 TCPAIP Write Errors 0 

Log Level Normal Denied Access Count 0 Store Login Errors 0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 

10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running SE 


Total Sessions: Displays the total number of POP3 sessions processed by the GWIA during its 
current up time. 


Active Sessions: Displays the number of currently active POP3 sessions. 


Idle Sessions: Displays the number of threads still available to the GWIA for POP3 sessions. This is 
the total number of assigned POP3 threads (by default, 10) minus the active sessions. You can change 
the total number of assigned POP3 threads in ConsoleOne (GWIA object > POP3/IMAP4 > Settings). 
For more information, see Section 53.2, “Configuring POP3/IMAP4 Services,” on page 777. 
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Messages Sent: Displays the total number of Group Wise mailbox messages retrieved through POP3 
sessions. 


Normal Threads: Displays the number of POP threads that are busy and the number that are 
available. 


Secure Threads: Displays the number of POP SSL threads that are busy and the number that are 
available. 


Unknown Users: Displays the number of user logins that failed because the user does not exist in the 
GroupWise system. 


Authentication Errors: Displays the number of GroupWise user logins that failed because the user 
supplied an incorrect password. 


Retrieve Errors: Displays the number of errors generated because the GWIA could not transfer 
messages to the POP3 client. 


Conversion Errors: Displays the number of errors generated because the GWIA could not convert 
retrieved GroupWise messages to MIME format. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the GWIA. A TCP read 
error occurs if the GWIA successfully opens a POP3 session but is unable to process a TCP read 
command during the session. 


TCP/IP Write Errors: Displays the number of TCP write errors encountered by the GWIA. A TCP 
write error occurs if the GWIA successfully opens a POP3 session but is unable to process a TCP 
write command during the session. 


Denied Access Count: Displays the number of POP3 sessions that were denied because the user does 
not have POP3 access. POP3 access is controlled through the user's Class of Service assignment 
(GWIA object > Access Control > Settings). For more information, see Section 54.1, “Controlling User 
Access to the Internet,” on page 787. 


Store Login Errors: Displays the number of GroupWise user logins that failed because the users” 
GroupWise mailboxes were unavailable (for example, the post office is down or the GWIA link to the 
post office is down). 


IMAP Service Statistics 


The IMAP Service Statistics section, shown below, provides information about the IMAP activity 
handled by the GWIA. 
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@ Group Wise Internet Agent E -lol x| 


Fie Configuration Log Statistics Help 


Provo2.Gwlé, Up Time: 7 Days 2 Hrs 11 Mins 
Status IMAP Service Statistics 
Processing $ Total Sessions 0 Messages Sent 0 
Sono A Active Sessions 0 Normal Threads 0:10 
Idle Sessions 0 Secure Threads 0:0 
Other Link Open Unknown Users 0 Authentication Errors 0 
Program Ide 19 | | Retrieve Errors 0 Conversion Errors 0 
TCP/IP Read Errors QO TCP/IP Write Errors 0 
Log Level Normal Denied åccess Count 0 Store Login Errors 0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 

10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running E 


Total Sessions: Displays the total number of IMAP4 sessions processed by the GWIA during its 
current up time. 


Active Sessions: Displays the number of currently active IMAP4 sessions. 


Sessions Available: Displays the number of threads still available to the GWIA for IMAP4 sessions. 
This is the total number of assigned IMAP4 threads (by default, 10) minus the active sessions. You 
can change the total number of assigned IMAP4 threads in ConsoleOne (GWIA object > POP3/IMAP4 
> Settings). For more information, see Section 53.2, “Configuring POP3/IMAP4 Services,” on 

page 777. 


Messages Sent: Displays the total number of GroupWise mailbox messages retrieved through 
IMAP4 sessions. 


Normal Threads: Displays the number of IMAP threads that are busy and the number that are 
available. 


Secure Threads: Displays the number of IMAP SSL threads that are busy and the number that are 
available. 


Unknown Users: Displays the number of user logins that failed because the user does not exist in the 
GroupWise system. 


Authentication Errors: Displays the number of GroupWise user logins that failed because the user 
supplied an incorrect password. 


Retrieve Errors: Displays the number of errors generated because the GWIA could not transfer 
messages to the IMAP4 client. 


Conversion Errors: Displays the number of errors generated because the GWIA could not convert 
retrieved GroupWise messages to MIME format. 


TCP/IP Read Errors: Displays the number of TCP read errors encountered by the GWIA. A TCP read 
error occurs if the GWIA successfully opens a IMAP4 session but is unable to process a TCP read 
command during the session. 


TCP/IP Write Errors: Displays the number of TCP write errors encountered by the GWIA. A TCP 
write error occurs if the GWIA successfully opens an IMAP4 session but is unable to process a TCP 
write command during the session. 
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Denied Access Count: Displays the number of IMAP4 sessions that were denied because the user 
does not have IMAP4 access. IMAP4 access is controlled through the user's Class of Service 
assignment (GWIA object > Access Control > Settings). For more information, see Section 54.1, 
“Controlling User Access to the Internet,” on page 787. 


Store Login Errors: Displays the number of GroupWise user logins that failed because the users” 
GroupWise mailboxes were unavailable (for example, the post office is down or the GWIA link to the 
post office is down). 


LDAP Service Statistics 
The LDAP Service Statistics section, shown below, provides information about the LDAP activity 
handled by the GWIA. 
-ox 
File Configuration Log Statistics Help 
| Provo2.GwlA Up Time: 7 Days 24Hrs 12 Mins | 
Status LDAP Service Statistics 
Ea Public Sessions 0 Search Requests 0 
GroupWise Open Authenticated Sessions 0 Entries Returned 0 
Other Link Open Sessions Active 0 
Sessions Available 10 
Program Idle 20 
Log Level Normal 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 


10:37:50 968 MTP: Queue initialization... 

10:37:50 968 Warning - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running = 


Public Sessions: Displays the total number of LDAP sessions handled by the GWIA. 
Authenticated Sessions: This field is not used. 


Sessions Active: Displays the total number of LDAP sessions currently being processed by the 
GWIA. 


Sessions Available: Displays the number of threads still available to the GWIA for LDAP sessions. 
This is the total number of assigned LDAP threads (by default, 10) minus the active sessions. You can 
change the total number of assigned LDAP threads in ConsoleOne (GWIA object > LDAP > Settings). 
For more information, see Section 53.3, “Configuring LDAP Services,” on page 782. 


Search Requests: Displays the total number of LDAP queries against the GroupWise Address Book. 


Entries Returned: Displays the total number of Address Book entries returned for the search 
requests. For example, a single search request might return 25 entries. 


56.1.4 Logging 


The Logging section of the console, shown below, displays GWIA activity. The number and detail of 
these messages depend on the logging level you select. See Chapter 56.6, “Using GWIA Log Files,” 
on page 833 for more information. 
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56.1.5 


@ GroupWise Internet Agent E -lol x| 


Fie Configuration Log Statistics Help 


Provo2.GWIA Up Time: 7 Days 2 Hrs 6 Mins | 
Status - Message Statistics — — 
Processing Ñ Out 10 Minutes In 10 Minutes 
s Normal 0 0 0 0 
GroupWise Open Status 0 o 0 0 
Other Link Open Passthrough 0 0 0 0 
Program Idle 20 | | Convert Errors 0 0 0 0 
Communication 0 0 0 0 
Log Level Normal Total Bytes 0.0 0.0 


10:37:49 968 MTP: Message Transfer Protocol initialization... 
10:37:49 968 MTP: Queue initialization... 
10:37:50 968 MTP: Queue initialization... 


10:37:50 968 Warming - 4 postmaster must be set for this gateway. 

10:37:53 7EC Starting GWPOP-Listener 

10:37:54 9D4 Starting GWIMAP-Listener 

10:37:55 944 Starting GWHTTP-Listener 

10:37:55 968 HTTP server running 

10:37:55 9B0 LDAP server running E 


Menu Functions 


The menu functions on the Linux and Windows GWIA console provide you with the following 
options. 


File > Restart (F6): Select this option to restart the GWIA. The GWIA rereads all of its configuration 
files (gwia.cfg, blocked.txt, gwauth.cfg, route.cfg and so on). 


File > Exit: Select this option to terminate the GWIA and return to the system prompt. 
Configuration > Agent Settings: Select this option to display the GWIA configuration settings. 


Configuration > Message Transfer Status: Select this option to display the status of the TCP/IP link 
between the GWIA and the MTA for the domain. 


Configuration > Edit Startup File: Select this option to open the gwia . cfg file in the default text 
editor. 


Log > Cycle Log: Select this option to close the current log file and start a new one. 
Log > View Log: Select this option to view the log files. 


Log > Log Settings: Select this option to set the logging level, turn on or off disk logging, and 
configure the maximum log file size and disk space. These changes apply only to the current session. 


Statistics > Message: Select this option to display the Message statistics. For information about the 
Message statistics, see “Message Statistics” on page 819. 


Statistics > SMTP Service: Select this option to display the SMTP Service statistics. For information 
about the SMTP Service statistics, see “SMTP Service Statistics” on page 820. 


Statistics > POP Service: Select this option to display the POP Service statistics. For information 
about the POP Service statistics, see “POP Service Statistics” on page 822. 


Statistics > IMAP Service: Select this option to display the IMAP Service statistics. For information 
about the IMAP Service statistics, see “IMAP Service Statistics” on page 823. 


Statistics > LD AP Service: Select this option to display the LDAP Service statistics. For information 
about the LDAP Service statistics, see “LDAP Service Statistics” on page 825. 


Statistics > Zero Statistics: Select this option to reset the Message, SMTP, POP, IMAP, and LDAP 
statistics. 
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56.2 


56.2.1 


Using the GWIA Web Console 


You can use a Web browser interface, referred to as the Web console, to monitor the GWIA. You 
cannot use the GWIA Web console to change any of the GWIA’s settings. Changes must be made 
through ConsoleOne, the server console, or the startup file. 

+ Section 56.2.1, “Setting Up the GWIA Web Console,” on page 827 

+ Section 56.2.2, “Monitoring the GWIA at the Web Console,” on page 828 


Setting Up the GWIA Web Console 


The default HTTP port for the GWIA Web console is established during GWIA installation. You can 
change the port number and increase security after installation in ConsoleOne. 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 


Properties of GWIA 


LDAP | POPSAMAP4 | Server Directories | Access Control M, Reattach | Post Office Links | GroupWise + | NDS { 
Network Address 


TCP/IP Address: 172.16.5.18 
IPX/SPX Address: 


[M] Bind Exclusively ta TCP/IP Address 


Port SSL SSL Port 
Message Transfer: 7102/8} Disabled ~| 


HTTP: -2850]8) [Disabled | 


SMTP: 258) [Disabled v | 
110 s Disabled v| [ 995 |S} 
143 E Disabled % | 3936 


2898) [Disabled v| [ 636] 


JJ 


3 Make a note of the TCP/IP address and the HTTP port number. You need this information to 
access the GWIA Web console. 


4 If you want to use an SSL connection for the GWIA Web console, which provides optimum 
security, select Enabled in the HTTP SSL drop-down list. 


For additional instructions about using SSL connections, see Section 83.2, “Server Certificates 
and SSL Encryption,” on page 1107. 


5 Click Apply to save your changes on the Network Address page. 


If you want to limit access to the GWIA Web console, you can provide a user name and 
password. 


6 Click GroupWise > Optional Gateway Settings to display the Optional Gateway Settings page. 
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Properties of GWIA 


POP3IMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise ~ | nosį 
| Optional Gateway Settings | 


Directory Sync/Exchange: [None 


Accounting: [ves 


Convert Status to Messages: [no 


Outbound Status Level: [Undeiivered 


Enable Recovery: Pres 
a 

Retry Count: 10 +] 4-99) 
a 

Retry Interval: 5 1 seconds 


Failed Recovery Wait: 3600 E seconds 


Network Reattach Command: [ 


Correlation Enabled: Pres 


Correlation Age: 14 4 days 


HTTP Settings 


HTTP User Name: | 


HTTP Password: Set Password 


Page Options... OK Cancel Apply Help 


7 Inthe HTTP User Name field, enter an arbitrary user name (for example, gwia). 
8 Click Set Password to assign a password (for example, monitor). 
9 Click OK to save your changes. 

ConsoleOne then notifies the GWIA to restart to put the new settings into effect. 


56.2.2 Monitoring the GWIA at the Web Console 
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1 Ina Web browser, enter the following: 
http://IP_address:agent_port (non-secure server) 
or 
https://IP_address:agent_port (secure server) 


Replace IP address with the IP address or hostname of the server where the GWIA is running, 
and HTTP_port is the port number assigned to the agent. If you used the default port during 
installation, the port number is 9850. 


2 If prompted, enter the Web console user name and password. 


The GWIA Web console is displayed. 
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56.3 


56.4 


56.4.1 


GroupWise 2012 GWIA - GWIA.Provo1 
Status | Configuration | Environment | Log Files | MTP Status | Help 


Restari Internet Agent 


UpTime: 0 Days 5 Hrs 41 Mins 


hread Status 


Message Conversion Threads 0 
SMTP Threads 0 
Standard POP Threads 0 
Secure POP Threads 0 
Standard IMAP Threads 0 
Secure IMAP Threads 0 


Queue Information 


Count Oldest Message 
Outbound Message Queues 0 
Inbound Message Queues 
SMTP Send Queue 
SMTP Receive Queue 
Delayed Message Queue 


© N © N © © 


Message Out 10 Minutes In 10 Minutes 
Normal 0 0 0 0 
Status 0 0 0 0 
Passthrough 0 0 0 0 
Conversion Errors 0 0 0 0 
Communication Errors 0 0 0 0 
Total Bytes 0.0 0.0 


The Web console has five pages (Status, Configuration, Environment, and Log Files, and MTP 
Status). You can click Help on any page for information about the page. 


Using Novell Remote Manager 


If the GWIA is running on Novell Open Enterprise Server (OES), you can use Novell Remote 
Manager to monitor the GWIA. For more information, see the Novell Remote Manager for Linux 
Administration Guide for your version of OES Linux (http://www.novell.com/documentation/ 
oes.html). 


Using an SNMP Management Console 


You can monitor the GWIA from SNMP management and monitoring programs. When properly 
configured, the GWIA sends SNMP traps to network management consoles for display along with 
other SNMP monitored programs. 


Although the GWIA is SNMP-enabled by default, the server where the GWIA is installed must be 
properly configured to support SNMP, and the GWIA object in eDirectory must also be properly 
configured. To set up SNMP services for your server, complete the following tasks: 


+ Section 56.4.1, “Setting Up SNMP Services for the GWIA,” on page 829 
+ Section 56.4.2, “Copying and Compiling the GWIA MIB File,” on page 831 
+ Section 56.4.3, “Configuring the GWIA for SNMP Monitoring,” on page 832 


Setting Up SNMP Services for the GWIA 


Select the instructions for the platform where the GWIA runs: 


¢ “Linux: Setting Up SNMP Services for the GWIA” on page 830 
+ “Windows: Setting Up SNMP Services for the GWIA” on page 830 
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Linux: Setting Up SNMP Services for the GWIA 


The Linux GWIA is compatible with NET-SNMP. An older version of SNMP called UCD-SNMP 
cannot be used with the Linux GWIA. NET-SNMP comes with OES Linux, but it does not come with 
SLES. If you are using SLES, you must update to NET-SNMP in order to use SNMP to monitor the 
Linux GWIA. 
1 Makesure you are logged inas root. 
2 (Conditional) If NET-SNMP is not already set up on your Linux server, use the following 
command to configure SNMP: 
snmpconf -g basic setup 
The snmpconf command creates the snmpd. conf file in one of the following directories, 


depending on your version of Linux: 


/usr/share/snmp 
/usr/local/share/snmp 
-/ -snmp 


3 Locate the snmpd. conf file on your Linux server. 

4 Ina text editor, open the snmpd. conf file and add the following line: 
dlmod Gwsnmp /opt/novell/groupwise/agents/lib/libgwsnmp.so 

5 Save the snmpd. conf file and exit the text editor. 


6 Restartthe SNMP daemon (snmpd) to put the changes into effect. 


IMPORTANT: Make sure that the SNMP daemon always starts before the GWIA starts. 


7 Skip to Section 37.6.2, “Copying and Compiling the POA MIB File,” on page 555. 


Windows: Setting Up SNMP Services for the GWIA 


On Windows Server 2008, the SNMP Service is usually not included during the initial operating 
system installation. The SNMP Service can be easily added at any time. To add or configure the 
SNMP Service, you must be logged in as a member of the Administrator group. 


To set up SNMP services for the Windows GWIA, complete the following tasks: 


¢ “Installing SNMP Support on Windows Server 2008” on page 830 
¢ “Installing SNMP Support on Windows Server 2003” on page 831 
+ “Installing GroupWise Agent SNMP Support” on page 831 


Installing SNMP Support on Windows Server 2008 


On the Control Panel, click Programs and Features. 

Click Turn Windows features on or off to open the Server Manager. 
Click Features > Add Features. 

In the Features list, expand SNMP Services, then select SNMP Service. 
Click Next, then click Install. 


When the installation is finished, click Close, then exit the Server Manager. 


N Oo OF R 0 N MR 


Skip to Installing GroupWise Agent SNMP Support. 
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56.4.2 


Installing SNMP Support on Windows Server 2003 


1 Click Start > Control Panel > Add or Remove Programs. 

2 Click Add/Remove Windows Components. 

3 Select Management and Monitoring Tools. 

4 Click Details, then select Simple Network Management Protocol. 
5 Followthe on-screen instructions to install the SNMP Service. 


6 Continue with Installing Group Wise Agent SNMP Support. 


Installing GroupWise Agent SNMP Support 


The GroupWise Agent Installation program includes an option for installing SNMP support. 
However, if the server where you installed the agents did not yet have SNMP set up, that installation 
option was not available. Now that you have set up SNMP, you can install GroupWise agent SNMP 
support. 


Atthe Windows server where you want to install the GroupWise agent SNMP support: 


1 Run setup.exe at the root of the downloaded GroupWise 2012 software image. 


2 Click Install GroupWise System, click Yes to accept the License Agreement, then click Next to 
perform a standard installation. 


3 Select Install individual components, deselect GroupWise Administration, deselect GroupWise Agents, 
select GroupWise Internet Agent, then click Next. 


4 On the Installation Path page, browse to and select the path where the Internet Agent software is 
installed, then select Install and configure SNMP for Internet Agent. 


5 Continue through the rest of the installation process as prompted by the Agent Installation 
program. 


The Agent Installation program copies the SNMP support files to the agent installation directory, 
makes the appropriate Windows registry entries, and restarts the Windows SNMP service. 


6 Continue with Copying and Compiling the POA MIB File. 


Copying and Compiling the GWIA MIB File 


An SNMP-enabled GWIA returns information contained in a Management Information Base (MIB). 
The MIB is an ASCII data structure that defines the information gathered. It also defines the 
properties that can be monitored and managed on the SNMP-enabled GWIA. 


Before you can monitor an SNMP-enabled GWIA, you must compile the gwia.mib file using your 
SNMP management program. GroupWise agent MIB files are located in the /agents/snmpmibs 
directory of your GroupWise software distribution directory or the downloaded GroupWise 2012 
software image. 


The MIB file contains all the Trap, Set, and Get variables used for communication between the GWIA 
and management console. The Trap variables provide warnings that point to current and potential 
problems. The Set variables allow you to configure portions of the application while it is still running. 
The Get variables display the current status of different processes of the application. 

1 Copy the gwia.mib file to the location required by your SNMP management program. 

2 Compile or import the gwia.mib file as required by your SNMP management program. 


3 Continue with Configuring the POA for SNMP Monitoring. 
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56.4.3 Configuring the GWIA for SNMP Monitoring 


In order for SNMP monitoring programs to monitor the GWIA, the GWIA must be configured with a 
network address and SNMP community string. 
1 In ConsoleOne, browse to and right-click the GWIA object, then click Properties. 
2 Click GroupWise > Network Address to display the Network Address page. 
3 Clickthe pencil icon to provide the TCP/IP address of the server where the POA runs, then click 
Apply. 
4 Click GroupWise > Agent Settings, then scroll to the bottom of the settings list. 
5 Provide your system SNMP community GET string, then click OK. 
6 Configure the SNMP Service with the same community GET string: 
Ga Onthe Windows desktop, click Start > Administrator Tools > Services. 
6b Right-click SNMP Service, then click Properties. 
6c Click Security, then click Add in the Accepted community names list. 
6d In the Community Name field, specify your system SNMP community GET string. 
6e In the Community Rights drop down list, select READ WRITE. 


6f Click Add to add the community string to the list, then click OK to close the SNMP 
Properties 


7 Restart the GWIA. 
The GWIA should now be visible to your SNMP monitoring program. 


56.5 Assigning Operators to Receive Warning and Error 
Messages 


You can select GroupWise users to receive warning and error messages issued by the GWIA. 
Whenever the agent issues a warning or error, these users, called operators, receive a message in their 
mailboxes. You can specify one or more operators. 


An operator can also shut down the GWIA by sending a mail message addressed as follows: 
gwia: shutdown 

Replace gwia with your GWIA’s name. 

To assign an operator: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > Gateway Administrators to display the Gateway Administrators page. 
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Properties of GWIA 
LDAP | POPSAMAP4 | Server Directories | Access Control + | Reattach | Post Office Links 


Administrator Role 


Page Options... 


3 Click Add, select a user, then click OK to add the user to the Gateway Administrators list. 


Properties of GWIA 


POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise v | NDS Rig 
| Gateway Administrators 


aliast aaa aaa 


Administrator Role 
IV Operator 
T Accountant 
I Postmaster 


T Foreign Operator 


Page Options... 


4 Make sure Operator is selected as the Administrator Role. 
5 If desired, add additional operators. 
6 Click OK. 


56.6 Using GWIA Log Files 


You can use the GWIA logging options to help you monitor its operation. By default, the GWIA logs 
information to its server console, Web console, and to a log file on disk. You can control the following 
logging features: 


¢ The type of information to log. 
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+ Disabling disk logging (Windows GWIA only). 
+ How long to retain log files. 
+ The maximum amount of disk space to use for log files. 


+ Where to store log files. 


You can control logging through ConsoleOne, GWIA startup switches, and the GWIA console. The 
following table shows which logging options you can control from each location. 


ConsoleOne Startup Switches Linux Console Windows Console 
Logging Level Yes Yes Yes Yes 
Disk Logging No No Yes Yes 
Maximum Log File Age Yes Yes Yes Yes 
Maximum Disk Space Yes Yes Yes Yes 
Log File Location Yes Yes No No 


The log settings in ConsoleOne are used as the default settings. Startup switches override the 
ConsoleOne log settings, and console settings override startup switches. 


+ Section 56.6.1, “Locating GWIA Log Files,” on page 834 

+ Section 56.6.2, “Modifying Log Settings in ConsoleOne,” on page 834 

+ Section 56.6.3, “Modifying Log Settings through Startup Switches,” on page 836 

+ Section 56.6.4, “Modifying Log Settings through the GWIA Server Console,” on page 836 
+ Section 56.6.5, “Viewing Log Files,” on page 837 


Locating GWIA Log Files 


The default location of the GWIA log files varies by platform: 


Windows: domain\wpgate\gwia\000.pre 
Linux: /var/log/novell/groupwise/domain name.gwia 


You can change the location where the GWIA creates its log files in ConsoleOne, the GWIA 
configuration file (gwia.cfg), and the GWIA server console. 


Modifying Log Settings in ConsoleOne 


Through ConsoleOne, you can configure the following log settings: 


+ Log file location 
+ Logging level (applies to both console logging and disk logging) 
+ Maximum age for log files 


+ Maximum disk spaced used for log files 


The ConsoleOne settings are the default settings. The GWIA uses these settings unless you override 
them with startup switches in the gwia.cfg startup file or at the server console. 
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To configure the default log settings in ConsoleOne: 


1 Right-click the GWIA object, then click Properties. 
2 Click GroupWise > Log Settings to display the Log Settings page. 


Properties of GWIA 
LDAP | POP3AMAP4 | Server Directories | Access Control + | Reattach | Post Office Links | 


Log File Path: [ 


Logging Level: | Normal 


Max Log File Age: | 30 5 days 


O mah 


Max Log Disk Space: 102400 (,) KBytes 


3 Modify any of the following properties: 


Log File Path: The GWIA creates a new log file each day and each time it is started. The log file 
is named mmddgwia.nnn, where mm is the month, dd is the day, and nnn is a sequenced number 
(001 for the first log file of the day, 002 for the second, and so on). The default location of the log 
files depends on the platform where the GWIA is running. 


Windows: domain\wpgate\gwia\000.pre 


Linux: /var/log/novell/groupwise/domain name.gwia 


If you want to specify a different location, enter the directory path or browse to and select the 
directory. 


Logging Level: There are four logging levels: 
+ Off: Disables the logging function. 
+ Normal: Displays warnings and error messages. This is the preferred logging level. 


+ Verbose: Displays information about traffic, including non-delivery reports, in addition to 
warnings and error messages. Information includes the file name, path, message ID, and 
size of the message being processed; the IP address of any inbound SMTP connections; the 
GWIA-specific MSG number; and SMTP connection messages such as “Connect to 
novell.com” and “Accepted connection from 172.16.5.18 novell.com”. 


+ Diagnostic: Displays detailed function calls made by the GWIA. This level is not useful for 
most troubleshooting. Verbose is better for standard troubleshooting. 


The Verbose and Diagnostic logging levels do not degrade GWIA performance, but log files 
saved to disk consume more disk space when Verbose or Diagnostic logging is in use. 


Max Log File Age: Specify the number of days you want the GWIA to retain old log files. The 
GWIA retains the log file for the specified number of days unless the maximum disk space for 
the log files is exceeded. The default age is 30 days. 
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Max Log Disk Space: Specify the maximum amount of disk space you want to use for log files. 
If the disk space limit is exceeded, the GWIA deletes log files, beginning with the oldest file, 
until the limit is no longer exceeded. The default disk space is 102400 KB (100 MB). 


4 Click OK to save the log settings. 


Modifying Log Settings through Startup Switches 


You can use startup switches to override any log settings you configured in ConsoleOne. as described 
in Section 56.6.2, “Modifying Log Settings in ConsoleOne,” on page 834. Edit the gwia . cfg file to 
change switch settings, as described in Section 59.1.2, “Modifying the gwia.cfg File,” on page 852. 


For information about the startup switches that can be used to modify log settings, see Section 59.12, 
“Log File Switches,” on page 890. 


Modifying Log Settings through the GWIA Server Console 


You can use the Windows GWIA console to override the following log settings for the current 
sessions: 

+ Disk logging on/off 

+ Log file location 

+ Logging level (applies to both console logging and disk logging) 

+ Maximum age for log files 

+ Maximum disk spaced used for log files 
Changes you make to the log settings at the console apply only to the current session. When you 
restart the GWIA, the log level is reset to the level specified in ConsoleOne or the startup switches. 


See Section 56.6.2, “Modifying Log Settings in ConsoleOne,” on page 834 and Section 56.6.3, 
“Modifying Log Settings through Startup Switches,” on page 836. 


To modify the log settings: 


1 Inthe Windows GWIA console, click Log > Log Settings to display the Log Settings dialog box. 
xl 


Log Level —— 


7 r Disk Logging — 
Normal M © On 


F Trace execution C Off 


Log Maintenance Settings 
Maximum log file age: 30 Days 
Maximum log disk space: |102400 KBytes 


Cancel Help | 


2 Change the desired settings: 


Log Level: Select Normal to display warnings and error messages; this is the preferred logging 
level. Select Verbose to display information about traffic, including non-delivery reports, in 
addition to warnings and error messages. Information includes the file name, path, message ID, 
and size of the message being processed; the IP address of any inbound SMTP connections; the 
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GWIA-specific MSG number; and SMTP connection messages such as “Connect to novell.com” 
and “Accepted connection from 172.16.5.18 novell.com”. Select Diagnostic to display a detailed 
trace of gateway messages, errors, and operations that can be useful for troubleshooting. 


Disk Logging: Select On or Offto enable or disable logging of information to log files. 


Maximum Log File Age: Specify the number of days you want the GWIA to retain old log files. 
The GWIA retains the log file for the specified number of days unless the maximum disk space 
for the log files is exceeded. The default age is 30 days. 


Maximum Log Disk Space: Specify the maximum amount of disk space you want to use for log 
files. If the disk space limit is exceeded, the GWIA deletes log files, beginning with the oldest 
file, until the limit is no longer exceeded. The default disk space is 102400 KB (100 MB). 


Viewing Log Files 


You can view the log file for the current session, or you can view archived log files. The current log 
file is viewable through the GWIA console, as described in Section 56.1, “Using the GWIA Server 
Console,” on page 817, or in the GWIA Web console, as described in Section 56.2, “Using the GWIA 
Web Console,” on page 827. Archived files are viewable through the consoles or an ASCII text editor. 


Current Log File 


The current log file is displayed in the Logging window of the GWIA console, with only the most 
current operations visible. The log file is complete, and includes the gateway startup and 
configuration information and ongoing operations logged by time, including the shutdown 
operation. You can browse the file from top to bottom or perform a search for any text string you 
want. You can also view the current log file from the GWIA Web console. 


Archived Log Files 


The GWIA creates a new log file every day at midnight or every time it restarts. Older log files are not 
deleted for at least one day unless you have not allowed sufficient disk space for them to be archived. 


Log files are named according to the date they were created. If the GWIA was restarted during the 
day, the file extension indicates which session is logged (for example 051810g.003 indicates the third 
session logged for May 18). 


Archived log files are saved in ASCII. You can use any text editor to open a file or to print it. You can 
also view the log files from the GWIA console or the GWIA Web console. 


Using GWIA Error Message Documentation 


GWIA error messages are documented with the source and explanation of the error, possible causes 
of the error, and actions to take to resolve the error. See “Internet Agent Error Messages” in 
GroupWise 2012 Troubleshooting 1: Error Messages. 


Employing GWIA Troubleshooting Technigues 


If you are having a problem with the GWIA but not receiving a specific error message, or if the 
suggested actions for the specific error did not resolve the problem, you can review more general 
troubleshooting strategies for dealing with GWIA problems. See “Strategies for Agent Problems” in 
GroupWise 2012 Troubleshooting 2: Solutions to Common Problems. 
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Stopping the GWIA 


The following sections describe the various methods you can use to shut down the GWIA: 


+ Section 56.9.1, “Using the GWIA Server Console,” on page 838 

+ Section 56.9.2, “Using a Command at the Command Line,” on page 838 
+ Section 56.9.3, “Using a Mail Message,” on page 838 

+ Section 56.9.4, “Using a Shutdown File,” on page 838 


Using the GWIA Server Console 


To stop the GWIA while at the server console, click File > Exit. 


Using a Command at the Command Line 


To stop the GWIA at the command line: 
Linux: See “Stopping the Linux GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 
2012 Installation Guide. 


Windows: N/A 


Using a Mail Message 


The GWIA can be stopped by sending a shutdown message to the GWIA. In order to shut down the 
program with a message, the user sending the message must be defined as an operator for the GWIA. 
This prevents unauthorized users from shutting down the GWIA. For information about defining a 
user as an operator, see Section 56.5, “Assigning Operators to Receive Warning and Error Messages,” 
on page 832. 


The message to shut down the GWIA must be addressed to the GWIA, not a non-GroupWise 
domain. The syntax for the To line is: 


gwia: shutdown 


Replace gwia with the name of the GWIA object. 


Using a Shutdown File 


The GWIA can also be stopped by placing a file named shutdown in the 
domain\wpgate\gwia\000.prc directory. When the GWIA sees this file, it deletes the file and shuts 
down. 
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Optimizing the GWIA 


The following sections provide information about some of the methods you can use to optimize the 
speed and reliability of the GroupWise GWIA: 

+ Section 57.1, “Relocating the GWIA’s Processing Directories,” on page 839 

+ Section 57.2, “Increasing GWIA Speed,” on page 840 


57.1 Relocating the GWIA’s Processing Directories 


The GWIA uses several directories to process message files. For best performance, these directories 
should be located on the same server where the GWIA is running. 


Linux: If you installed the GWIA on a different server from where the domain is located, you should move 
the GWIA's processing directories to the server where the GWIA is running. 


Windows: The GWIA Installation program creates the GWIA’s processing directories on the Windows server 
when it installs the Windows GWIA, so you typically don’t need to move them. 


To define the location of the GWIA’s directories: 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 


2 Click Server Directories > Settings to display the server directories Settings page. 


Properties of GWIA 


POP31M4P4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise -| NDS Rights vi 
Settings 


These directories should be local to the Internet Agent server. 


Conversion Directory: 


| 


SMTP Queues Directory: 
|\WBD-GWigwsystemiprovot wpgateGWMA, 


Advanced... 


Page Options... Cancel Apply 


3 Fillin the fields: 
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Conversion Directory: Select the directory where the GWIA stores temporary files for message 
conversion. These files are automatically deleted after they are processed. The default 
conversion directory is under the GWIA gueue directory: 
domain/wpgate/gwia/000.prc/gwwork 


If you type a path to a Windows drive (rather than using the Browse button to select the 
directory), you must use UNC path syntax. 


This setting corresponds with the GWIA’s --work switch. 


SMTP Oueues Directory: Select the directory where the GWIA stores messages being routed to 
and from the Internet. The default directory is under the domain directory structure. 


domain\wpgate\gwia 


Four subdirectories are created under the SMTP queues directory: defer, send, receive, and 
result. 


This setting corresponds with the GWIA's --dhome switch. 
4 Click the Advanced button. 


Advanced Server Directories 


SMTP Service Queues Directory: 


A 


This directory has two purposes: 
1. Troubleshooting message processing problems 
2. Inserting third-party software into the message processing 


For more information, click Help. 


5 Fillin the field: 


SMTP Service Queues Directory: If you want, specify a secondary SMTP queues directory for 
outbound messages. This secondary directory can be helpful for troubleshooting by providing a 
way to trap messages before they are routed to the Internet. You can also use the secondary 
directory to run third-party utilities such as a virus scanner on Internet-bound messages. 


The GWIA places all outbound messages in this secondary directory. The messages must then be 
moved manually (or by another application) to the primary SMTP queues’ send directory (see 
Step 3) before the GWIA routes them to the Internet. 


This setting corresponds with the --smtphome switch. 


If you type a directory path rather than using the Browse button to select a directory, make sure 
you use UNC path syntax. 


6 Click OK to close the dialog box. 
7 Click OK to save the changes to the directory locations. 


57.2 Increasing GWIA Speed 


You can implement the following procedures to help enhance the GWIA’s processing speed: 


+ Section 57.2.1, “Sending and Receiving Threads,” on page 841 
+ Section 57.2.2, “Increasing Polling Time,” on page 841 
+ Section 57.2.3, “Decreasing the Timeout Cycles,” on page 842 
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Sending and Receiving Threads 


The GWIA uses sending and receiving threads to process incoming and outgoing messages. The 
more threads you make available, the more messages the GWIA can process concurrently. However, 
threads place a demand on the server's resources. Too many threads can monopolize memory and 
CPU utilization. 


Make sure you balance your processing speed reguirements with the other applications running on 
the same server as the GWIA. 


For information about adjusting the SMTP sending and receiving threads, see Section 53.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 757. 


Increasing Polling Time 


Incoming and outgoing messages are stored in priority gueues. The GWIA polls these gueues and 
then forwards the messages for distribution. The Time option lets you control how often the GWIA 
polls these gueuing directories. Make sure you balance polling time reguirements with the other 
applications running on the same server as the GWIA. 


1 In ConsoleOne, right-click the GWIA object, then click Properties. 
2 Click GroupWise > Gateway Time Settings to display the Gateway Time Settings page. 


Properties of GWIA 
LDAP | POPSAMAP4 | Server Directories | Access Control vl Reattach | Post Office Links | 


Send/Receive Cycle: 120 s seconds 


Minimum Run: 0 si seconds 


Idle Sleep Duration: 10 a seconds 


Snap Shot Interval: 600 si seconds 


3 Modify the following settings: 


Idle Sleep Duration: Select the time, in seconds, you want the GWIA to idle after it has 
processed its gueues. A low setting, such as 5 seconds, speeds up processing but reguires more 
resources. A higher setting slows down the GWIA but reguires fewer resources by reducing the 
number of network polling scans. The default is 10 seconds. 


Snap Shot Interval: The Snap Shot Interval is a sliding interval you can use to monitor GWIA 
activity. For example, if the Snap Shot Interval remains at the default (10 minutes), the Snap Shot 
columns in the console display only the previous 10 minutes of activity. 


4 Click OK to save the changes. 


Optimizing the GWIA 841 


57.2.3 Decreasing the Timeout Cycles 


The GWIA has a series of switches that control its timeout settings. By decreasing the default time of 
the timeout cycles you might be able to slightly increase the GWIA speed. However, the timeout 
cycles do not place an extremely significant burden on the overall performance of the GWIA so the 
effect might be minimal. You should consider this option only after you have tried everything else. 


For information about configuring the timeout settings in ConsoleOne, see Section 53.1.5, 
“Configuring the SMTP Timeout Settings,” on page 765. For information about configuring the 
settings using startup switches, see Section 59.6.9, “Timeouts,” on page 875. 
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Connecting GroupWise Systems and 
Domains Using the GWIA 


The GWIA can be used as a link between GroupWise systems and between domains in the same 
GroupWise system. 

+ Section 58.1, “Connecting GroupWise Systems,” on page 843 

+ Section 58.2, “Linking Domains,” on page 848 


Connecting GroupWise Systems 


If you have two independent GroupWise systems, you can use the GWIA to connect the two systems. 
This requires each GroupWise system to have the GWIA installed. 


After the systems are connected, you can synchronize information between the two systems so that 
users from both systems appear in the GroupWise Address Book. 


The following sections provide instructions: 


+ Section 58.1.1, “Overview,” on page 843 

+ Section 58.1.2, “Creating an External Domain,” on page 844 

+ Section 58.1.3, “Linking to the External Domain,” on page 845 

+ Section 58.1.4, “Checking the Link Status of the External Domain,” on page 847 
+ Section 58.1.5, “Sending Messages Between Systems,” on page 848 


+ Section 58.1.6, “Exchanging Information Between Systems,” on page 848 


Overview 


For the purpose of the following discussion, GWSys1 and GWSys2 represent two separate 
GroupWise systems. 


When you connect the two systems, you connect the two domains where the GWIAs are located. To 
do so: 


+ In GWSys1, define the GWSys2 GWIA domain as an external domain. Configure a domain link 
from the GWSys1 GWIA domain to the external domain, defining the link type as a gateway link 
that uses the GWIA. This allows GWSys1 to deliver messages to GWSys2. 


+ In GWSys2, define the GWSys1 GWIA domain as an external domain. Configure a domain link 
from the GWSys2 GWIA domain to the external domain, defining the link type as a gateway link 
that uses the GWIA. This allows GWSys2 to deliver messages to GWSys1. 


After you have connected the two systems, users can send messages between the two systems by 
entering the recipients’ full addresses (userID.post_office.domain or user@host). 
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If desired, you can simplify addressing by exchanging information between systems, which causes 
user information to be displayed in the Address Book. The easiest way to exchange information is to 
enable the External System Synchronization feature in both systems. When enabled, this 
synchronization constantly updates the Address Books in both systems so that local users can more 
easily address messages to and access information about the users in the external system. If you don't 
want to enable the External System Synchronization feature, you can manually exchange 
information. 


Creating an External Domain 


The first step in connecting two GroupWise systems by way of GWIAs is to create an external domain 
in each GroupWise system. The external domain represents the GWIA domain in the other 
GroupWise system and provides the medium through which you define the link to the other system. 


To create an external domain: 


1 In ConsoleOne, right-click GroupWise System, then click New > External Domain to display the 
Create External GroupWise Domain dialog box. 


Create External GroupWise Domain 


Domain name: 
| 
Domain Database Location (optional): 


| 2 


Time Zone: 


| (GMT-07:00) Mountain Time (US & Canada) 


Version: 

18.0 

Link To Domain: 
|Provo1 


Create another domain 


2 Fillinthe following fields: 


Domain Name: Specify the name of the GWIA domain as it is defined in the external 
GroupWise system. 


Domain Database Location (Optional): Leave this field empty. 
Time Zone: Select the time zone where the domain is physically located. 


Version: Select the external domain’s Group Wise version. The domain's version is determined 
by its MTA version. The options are 4.x, 5.x, 6, 6.5, 7, and 8. 


Link to Domain: Select the domain in your system that you want to link to the external domain. 
This must be your system’s GWIA domain. By default, all messages sent to the external 
GroupWise system are routed to this domain. The domain’s MTA then routes the messages to 
the GWIA, which connects to the GWIA in the other system. 


3 Click OK to create the external domain. 


The external domain is added to your GroupWise system and is visible in the GroupWise View. 
In the following example, Dublin is the external domain. 
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Novell ConsoleOne 
File Edit View Tools Help 


Domain Type 


External GroupWise 
Primary 
Secondary 


€ Dublin 
H-S Waltham 


@ Waltham2 


‘Waltham K:igwesyster\waltham 


4 Repeat Step 1 through Step 3 to define an external domain in the second GroupWise system. If 


you do not have administrative rights to that system, you must coordinate with that GroupWise 
system’s administrator. 


KS Novell ConsoleOne 
File Edit View Tools Help 


HREM A/I 


KƏ My World Domain Name Domain Type 


Primary 
i External GroupWise 
H-S} Dublin Secondary 
H- Walthami 
@ Waltham2 


Waltham Mail Waltham1 Kigwsystemwalthami 


5 Continue with Linking to the External Domain. 


58.1.3 Linking to the External Domain 


After you define a domain from the other Group Wise system as an external domain in your system, 
you need to make sure that your system’s domains have the appropriate links to the external domain. 


The GWIA domain in your system needs to have a gateway link to the external domain. All other 
domains in your system have indirect links (through the GWIA domain) to the external domain. 
These links are configured automatically when the external domain was created. 


To configure the gateway link for your GWIA domain: 


1 In ConsoleOne, right-click the GWIA domain, then click Group Wise Utilities > Link Configuration 
to display the Link Configuration utility. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 BEE) 


File Edit Search View Window Help 
g| HE ?| 2 | g| Faith (Primary) = Ņ na 


Domain: Waltham1 


Outbound Links from Waltham’ 


r Direct indirect ateway indefine 
Direct Indirect: Gate Undefined 
S Dublin 

% Waltham2 


rDirect Indirect: Undefined 
% Waitham2 


2 Inthe Outbound Links list, double-click the external domain to display the Edit Domain Link 


dialog box. 


KS Edit Domain Link 


Description: How Walthamt connects to Dublin OK 
Link Type: Direct ha 
Us Cancel 


Settings Help 


Protocol: UNC hd 


UNC Path: \UED-GWimail\gwsystemidublin Scheduling... 


I Override 


Maximum send message size: 0 4 MBytes 
Delay message size: 0 + MBytes 


Transfer Pull Info... External Link Info... 


3 Modify the following fields: 
Link Type: Select Gateway. 
Gateway Link: Select the name of your GWIA. 


Gateway Access String: Specify the hostname (GWIA object > SMTP/MIME > Settings) or 
foreign ID (GWIA object > GroupWise > Identification) assigned to the external domain’s GWIA 


(for example, gwia.ctp.com). 
Return Link: Leave this set to your GWIA domain. 
4 Click OK to save your changes. 


The external domain is displayed in the Gateway column of the Outbound Links list to show that 
the current domain is using a gateway link to the external domain. The % symbol indicates a 
gateway link. The t symbol indicates that the link configuration is not yet saved. To save the 


configuration information, click Edit > Save. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 
File Edit Search View Window Help 


E % 9 ka QA || Mathan (Primary) 


Domain: Waltham1 
Outbound Links from Waltharnt 


pDirect: Indirect: Gateway: Undefined 
+, Waltham2 S $ Dublin (GMA) 


rDirect Indirect: Undefined ——————— 
%, Waltham2 


By default, the rest of the domains in your system should have an indirect link to the external 
domain. To verify this for a domain: 


5 Inthe list of domains on the Link Configuration utility’s toolbar, select the domain whose link 
you want to check, then verify that the external domain is displayed in the Indirect column of 
the Outbound Links list. 


The °$ symbol indicates an indirect link. If the # symbol is displayed, the link modification has 
not yet been propagated to the domain. 


KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 
File Edit Search View Window Help 


E F8 9 ka als sd KS Matham2 (Secondary) 


Domain: Waltham2 


‘Outbound Links from Waltham2 
pDirect: Indirect: r Gateway: Undefined 
gs Waltham1 °$ Dublin (Waltham) 


r Direct pindirect: 
%, Waltham1 


6 After verifying your domain links, repeat Step 1 through Step 5 in the second GroupWise system 
to establish the links to the first GroupWise system. If you do not have administrative rights to 
that system, you must coordinate with that GroupWise system’s administrator. 


7 Continue with Checking the Link Status of the External Domain. 


58.1.4 Checking the Link Status of the External Domain 


The GroupWise MTA has monitoring capabilities that let you determine whether the domains in 
your system are properly linked to the external domain. When you look at the MTA’s operation 
screen, you should see the external domain added to the domain count in the Status box. 


If the link to the external domain is closed, the MTA should be logging and displaying the reasons 
under its Configuration Status function. 
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For more information about link protocols, see Chapter 10, “Managing the Links between Domains 
and Post Offices,” on page 155. 


Sending Messages Between Systems 


After you have established links between the GWIA domains in the two GroupWise systems, users in 
one system can send message to recipients in the other system by including the recipients’ fully- 
gualified GroupWise addresses: 


userID.post office.domain or user@host 


To simplify addressing for your GroupWise users, you can exchange information between the two 
systems. This enables users in your GroupWise system to use the Address Book when selecting 
recipients from the other system. For information, see the next section, Exchanging Information 
Between Systems. 


Exchanging Information Between Systems 


Exchanging information between two GroupWise systems enables users in either system to use the 
Address Book when addressing messages to users in the other system. To exchange information, you 
can choose from the following methods: 


External System Synchronization: You can use the External System Synchronization feature to 
automatically exchange domain, post office, user, resource, and distribution list information between 
the two systems. After the initial exchange of information, any information that changes in one 
system is automatically propagated to the other system in order to synchronize the information in 
that system. This is the recommended method for exchanging information between two systems. For 
information about setting up synchronization between two external systems, see Section 4.8, 
“External System Synchronization,” on page 84. 


Manual Creation of Information: You can manually create the other systems' objects (domains, post 
offices, users, resources, and distribution lists) as external objects in your GroupWise system. When 
doing so, the names of your external objects need to exactly match the names of the objects as defined 
in their system. Domains in your system link to the external domains indirectly through the first 
external domain you created (this is the external domain that one of your system’s domains has a 
direct link to). The advantage to this method is that you can choose which of the other system's 
domains, post offices, users, resources, and distribution lists you want included in your system. The 
disadvantage is that there is a great amount of administrative overhead involved in creating all the 
objects and, after the objects are created, no automatic synchronization takes place so updates must 
be made manually. 


Linking Domains 


If you have domains that cannot be linked by way of a mapped or TCP/IP connection, you can 
connect them by way of gateway links, with the GWIA defined as the gateway. Both domains being 
linked must have an GWIA installed. 


For purposes of reducing confusion in the following steps, the two domains being connected are 
referred to as Provo and Cambridge. You should substitute your domains appropriately. 


To configure gateway links between two domains: 


1 In ConsoleOne, right-click the Provo domain, then click GroupWise Utilities > Link Configuration 
to display the Link Configuration utility. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 BEE) 


File Edit Search View Window Help 
g| HE ?| 2 | g| Faith (Primary) = Ņ na 


Domain: Waltham1 


Outbound Links from Waltham’ 


r Direct indirect ateway indefine 
Direct Indirect: Gate Undefined 
S Dublin 

% Waltham2 


rDirect Indirect: Undefined 
% Waitham2 


2 Inthe Outbound Links list, double-click the Cambridge domain to display the Edit Domain Link 
dialog box. 


KS Edit Domain Link 


Description: How Waltham1 connects to Dublin OK 
Link Type: Direct ha 
Us Cancel 


Settings Help 


Protocol: UNC hd 


UNC Path: \UED-GWimail\gwsystemidublin Scheduling... 


I Override 


Maximum send message size: 0 4 MBytes 
Delay message size: 0 + MBytes 


Transfer Pull Info... External Link Info... 


3 Modify the following fields: 
Link Type: Select Gateway. 
Gateway Link: Select the name of the Provo domain’s GWIA. 


Gateway Access String: Specify the hostname (GWIA object > SMTP/MIME > Settings) or 
foreign ID (GWIA object > GroupWise > Identification) of the Cambridge domain’s GWIA (for 
example, gwia.ctp.com). 


Return Link: Leave this set to the Provo domain. 
4 Click OK to save your changes. 


The Cambridge domain is displayed in the Gateway column of the Outbound Links list to show 
that the Provo domain is using a gateway link to it. The % symbol indicates a gateway link. The 


t symbol indicates that the link configuration is not yet saved. To save the configuration 
information, click Edit > Save. 
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KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 


File Edit Search View Window Help 


E % 9 ka QS) TEI! Pathan Primary) 


Domain: Waltham1 


Outbound Links from Waltham 


r Direct Indirect: 


%, Waltham2 


rDirect Indirect: 


Gateway: Undefined 
S Dublin (GMA) 


%, Waltham2 


Undefined ——————— 


By default, any domains that are already linked to your Provo domain should have an indirect 
link to the Cambridge domain through the Provo domain. To verify this for a domain: 


5 Inthe list of domains on the Link Configuration utility’s toolbar, select the domain whose link 
you want to check, then verify that the Cambridge domain is displayed in the Indirect column of 


the Outbound Links list. 


The °$ symbol indicates an indirect link. If the symbol is displayed, the link modification has 


not yet been propagated to 


the domain. 


KS GroupWise Link Configuration Tool - K:\gwsystem\waltham1 


File Edit Search View Window Help 


E F8 9 ka ais R ? Fweitham2 (Secondary) 


Domain: Watthamz 


| Outbound Links from Waltham2 
pDirect: Indirect: 


gs Waltham1 °$ Dublin (Waltham) 


r Direct 


r Gateway: Undefined 


% Waltham1 


indirect: 


6 After verifying your domain links, repeat Step 1 through Step 5 in the second GroupWise system 
to establish the links to the first GroupWise system. If you do not have administrative rights to 
that system, you must coordinate with that GroupWise system’s administrator. 


The GroupWise MTA has monitoring capabilities that let you determine whether the domains in 


your system are properly linked. 
domains, regardless of link type, 


When you look at the MTA's operation screen, you should see all 
included in the domain count in the Status box. 


If the link to a domain is closed, the MTA should be logging and displaying the reasons under its 


Configuration Status function. 


For more information about link 
and Post Offices,” on page 155. 
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protocols, see Chapter 10, “Managing the Links between Domains 


59.1 


Using GWIA Startup Switches 


Choose from the following list to find out how to use GWIA startup switches, and for an explanation 
of the purpose for each of the switches. The switches are grouped into sections according to the 
features and functionality that they affect. 

+ Section 59.1, “How to Use Startup Switches,” on page 851 

+ Section 59.2, “Alphabetical List of Switches,” on page 853 

+ Section 59.3, “Required Switches,” on page 858 

+ Section 59.4, “Console Switches,” on page 859 

+ Section 59.5, “Environment Switches,” on page 860 

+ Section 59.6, “SMTP/MIME Switches,” on page 862 

+ Section 59.7, “POP3 Switches,” on page 880 

+ Section 59.8, “IMAP4 Switches,” on page 882 

+ Section 59.9, “HTTP (Web Console) Switches,” on page 884 

+ Section 59.10, “SSL Switches,” on page 885 

+ Section 59.11, “LDAP Switches,” on page 887 

+ Section 59.12, “Log File Switches,” on page 890 


How to Use Startup Switches 


The default location for the GWIA configuration file (gwia . cfg) file varies by platform. 


Linux: /opt/novell/groupwise/agents/share 
Windows: c:\Program Files\Novell\GroupWise Server\GWIA 
The GWIA reads the gwia.cfg file at startup and restart. Only one switch is required in the gwia.cfg 


file. The --home switch points to the GWIA's gateway directory. This is always a subdirectory of 
wpgate in the domain directory structure. 


NOTE: A boilerplate version of the gwia.cfg file is stored in the domain/wpgate directory, but the 
GWIA does not read it. Do not edit the switches in the gwia.cfg file in the domain/wpgate directory. 
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When you update the GWIA software, the existing gwia.cfg file can be retained or overwritten as 
needed. 


Linux: When you use both the /nstall and Configure options in the Internet Agent Installation program, 
the existing gwia.cfg file is backed up and then overwritten. When you use only the /nstall 
option, the existing gwia . cfg file is retained. 


Windows: When you select Install the software files, but do not configure the Internet Agent in the Internet 
Agent Installation program, the existing gwia . cfg file is retained. When you do not select this 
option, the existing gwia.cfg file is backed up and then overwritten. 


You can use the gwia.cfg file to override primary configuration settings that are stored in the 
domain database (wpdomain.db) and modified in ConsoleOne. You can also use the gwia.cfg file to 
set secondary configuration settings that are not available in ConsoleOne. Section 59.2, “Alphabetical 
List of Switches,” on page 853 indicates which settings are available in ConsoleOne and which 
settings are not. You can view the GWIA startup file from the Configuration page of the GWIA Web 
console. 

+ Section 59.1.1, “Changing GWIA Settings in ConsoleOne,” on page 852 

+ Section 59.1.2, “Modifying the gwia.cfg File,” on page 852 

+ Section 59.1.3, “Editing Guidelines,” on page 852 


59.1.1 Changing GWIA Settings in ConsoleOne 


We recommend that you modify configuration settings in ConsoleOne rather than using 
corresponding switches in the gwia.cfg file. 


59.1.2 Modifying the gwia.cfg File 


If you need to change the GWIA’s configuration and do not have access to ConsoleOne, you can 
manually edit the gwia. cfg file. Any changes you make to the gwia . cfg file override the primary 
settings in ConsoleOne so that the GWIA starts using the new settings. However, the primary 
settings are not changed in the domain database as a result of editing the gwia.cfg file. In order to 
specify secondary configuration settings that are not available in ConsoleOne, you must edit the 
gwia.cfg file. 


The location of the gwia.cfg file used by the GWIA depends on the GWIA’s platform: 
Linux: The gwia.cfg file used by the Linux GWIA is located in the /opt /novell/groupwise/ 
agents/share directory. 


Windows: The gwia.cfg file used by the Windows GWIA is located in the domain\wpgate\gwia 
directory. Do not edit the gwia.cfg file located in the same directory as the GWIA program. This 
gwia.cfg file is only used to redirect the GWIA to the gwia.cfg file in the 
domain\wpgate\gwia directory. 


59.1.3 Editing Guidelines 


If you decide to manually edit the gwia.cfg file, keep the following guidelines in mind: 


+ Archive a copy of the file in case you need to return to the original switch settings. 


+ Use a text editor to edit the file. 
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+ The comment characters include the semicolon (;), pound sign (#), and asterisk (*), and are used 
to disable a switch or to add comments. The GWIA ignores any line that begins with a comment 


character. 


+ Changes made to the configuration file do not take effect until you restart the GWIA. 


+ On Linux, use a space to separate a switch from its value. On Windows, you can use a hyphen (- 
) or an equals sign (=) to separate a switch from its value. The equals sign is especially useful 
when the value includes a hyphen. 


+ None of the switches or switch values are case sensitive. For example, --sd 12 is the same as --SD 


12. 


+ Ifa switch is specified more than once in the configuration file or on the command line, and if it 
has a value (such as --loglevel normal), only the last instance of the switch is used. 


* The gwia.cfg file is used by default. However, you can also specify another configuration file or 
use startup switches on the command line when starting the GWIA program. If no other 
configuration file is specified on the command line (using the gwia @file_name syntax), the 
default gwia.cfg configuration file is read and processed before, and in addition to, any 
command line switches. 


¢ Ifa configuration file other than gwia.cfg is specified on the command line, the default 
gwia.cfg file is not read. 


Alphabetical List of Switches 


Primary configuration settings are available in ConsoleOne. Secondary configuration settings are not 
available in ConsoleOne and can be set only using switches in the gwia.cfgfile. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Linux GWIA 


--aql 


--aqor 
--noaqor 
--ari 


--attachmsg 
--noattachmsg 


--badmsg 


--blockrulegenmsg 
--certfile 

--cluster 
--dbchar822 


--dhome 


--defaultcharset 


Windows GWIA 


/aql 


lagor 
Inoagor 
lari 


/attachmsg 
/noattachmsg 


/badmsg 


/blockrulegenmsg 
/certfile 

/cluster 
/dbchar822 


/dhome 


/defaultcharset 


ConsoleOne Settings 


SMTP/MIME > Address Handling > Sender’s 
Address Format 


SMTP/MIME > Address Handling > Place 
Domain and Post Office Qualifiers on Right of 
Address 


N/A 
N/A 


SMTP/MIME > Undeliverables > Undeliverable 
or Problem Message 


N/A 
GroupWise > SSL Settings > Certificate File 
N/A 
N/A 


Server Directories > Settings > SMTP Queues 
Directory 


N/A 
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Linux GWIA 


--delayedmsgnotification 
--nodelayedmsgnotification 


--dia 
--nodia 


N/A 
N/A 
-disallowauthrelay 


--displaylastfirst 
--nodisplaylastfirst 


--dontreplaceunderscore 
--replaceunderscore 


--dsn 
--nodsn 


--dsnage 
--etrnhost 
--etrnqueue 


--fd822 


--fdmime 


--flatfwd 
--noflatfwd 


--force7bitout 
--noforce7bitout 


--forceinboundauth 
--forceoutboundauth 


--fut 


--group 
--nogroup 


--help 
--hn 


--home 


--httppassword 


--httpport 


--httprefresh 


Windows GWIA 


/delayedmsgnotification 
/nodelayedmsgnotification 


/dia 
/nodia 


/dialpass 
/dialuser 
/disallowauthrelay 


/displaylastfirst 
Inodisplaylastfirst 


/dontreplaceunderscore 
/replaceunderscore 


/dsn 
/nodsn 


/dsnage 
/etrnhost 
/etrnqueue 


/fd822 


/fdmime 


/flatfwd 
/noflatfwd 


/force7bitout 
/noforce7bitout 


/forceinboundauth 
/forceoutboundauth 


/fut 


/group 
/nogroup 


/help 
/hn 


/home 


/httppassword 


/httpport 
/httprefresh 
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ConsoleOne Settings 


SMTP/MIME > Settings 


SMTP/MIME > Address Handling > Ignore 
GroupWise Internet Addressing 


SMTP/MIME > Dial-Up Settings > Password 
SMTP/MIME > Dial-Up Settings > Username 
N/A 


SMTP/MIME > Address Handling > Display 
Fullname as Lastname, Firstname 


SMTP/MIME > Address Handling > Do Not 
Replace Underscores with Spaces 


SMTP/MIME > ESMTP Settings > Enable 
Delivery Status Notification (DSN) 


SMTP/MIME > ESMTP Settings > DSN Hold Age 


SMTP/MIME > Dial-Up Settings > ETRN Host 
SMTP/MIME > Dial-Up Settings > ETRN Queue 


SMTP/MIME > Address Handling > Non- 
GroupWlse Domain for RFC-822 Replies 


SMTP/MIME > Address Handling > Non- 
GroupWlse Domain for MIME Replies 


SMTP/MIME > Message Formatting > Enable 
Flat Forwarding 


SMTP/MIME > Settings > Use 7 Bit Encoding for 


All Outbound Messages 
N/A 
N/A 


SMTP/MIME > Undeliverables > Forward 
Undeliverable Inbound Messages 


SMTP/MIME > Address Handling > Expand 
Groups on Incoming Messages 


N/A 


SMTP/MIME > Settings > Hostname/DNS 
Record “A Record” Name 


N/A 


GroupWise > Optional Gateway Settings > HTTP 


Password 
GroupWise > Network Address > HTTP Port 


N/A 


Linux GWIA 


--httpssl 


--httpuser 


--imap4 


--imapport 


--imapreadlimit 


--imapreadnew 
--imapsport 
--imapssl 


--imip--noimip 


--ip 


--ipa 

--ipp 

--iso88591is 

--it 
--keepsendgroups 
--nokeepsendgroups 
--keyfile 
--keypasswd 


--killthreads 
--nokillthreads 


--koi8 

--Idap 
--Idapentxt 
--Idapipaddr 
--Idapport 
--Ildappwd 
--Idaprefcntxt 
--Idaprefurl 
--Idapserverport 


--Idapserverssiport 


Windows GWIA 


/httpssl 


/httpuser 


/imap4 


/imapport 


/imapreadlimit 


/imapreadnew 
/imapsport 
/imapssl 

/imip 

/noimip 


/ip 


/ipa 

lipp 

liso88591is 

lit 

Ikeepsendgroups 
/nokeepsendgroups 
/keyfile 

/keypasswd 


/killthreads 
/nokillthreads 


/koi8 

Ildap 
Ildapentxt 
Ildapipaddr 
Ildapport 
Ildappwd 
Ildaprefcntxt 
Ildaprefurl 
/ldapserverport 


/ldapserversslport 


ConsoleOne Settings 


GroupWise > Network Address > HTTP SSL 


GroupWise > Optional Gateway Settings > HTTP 
User Name 


POP3/IMAP4 > Settings > Enable IMAP4 
Service 


GroupWise > Network Address > IMAP Port 


POP3/IMAP4 > Settings > Maximum Number of 
Items to Read 


N/A 
GroupWise > Network Address > IMAP SSL Port 
GroupWise > Network Address > IMAP SSL 


SMTP/MIME > Settings > Enable iCal Service 


GroupWise > Network Address > Bind 
Exclusively to TCP/IP Address 


N/A 
N/A 
N/A 


POP3/IMAP4 > Settings > Number of Threads 
for IMAP4 Connections 


SMTP/MIME > Address Handling > Retain 
Distribution Lists on Outgoing Messages 


GroupWise > SSL Settings > SSL Key File 
GroupWise > SSL Settings > Password 


SMTP/MIME > Settings > Kill Threads on Exit or 
Restart 


N/A 

LDAP > Settings > Enable LDAP Service 
LDAP > Settings > LDAP Context 

N/A 

GroupWise > Network Address > LDAP Port 
N/A 

LDAP > Settings > LDAP Context 

LDAP > Settings > LDAP Referral URL 
GroupWise > Network Address > LDAP Port 


GroupWise > Network Address > LDAP SSL Port 
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Linux GWIA 


--ldapssl 
--noldapssl 


--Idapthrd 
--Idapuser 
--log 
--logdays 
--loglevel 


--logmax 


--maxdeferhours 


--mbcount 


--mbtime 


--mh 


--mime 


--msgdeferinterval 


--msstu 


--mudas 


--nasoq 
--nickgroup 
--noesmtp 


--noimapversion 


--noiso2022 
--1so2022 


--nomappriority 
--mappriority 


--nopopversion 


--nosmtpversion 
--smtpversion 


Windows GWIA 


/Idapssl 
/noldapssl 


/ldapthrd 
Ildapuser 
/log 
/logdays 
/loglevel 


/logmax 


/maxdeferhours 


/mbcount 


/mbtime 


/mh 


/mime 


/msgdeferinterval 


/msstu 


/mudas 


Inasoq 
/nickgroup 
/noesmtp 


/noimapversion 


/noiso2022 
liso2022 


/nomappriority 
/mappriority 


/nopopversion 


/nosmtpversion 
/smtpversion 
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ConsoleOne Settings 


GroupWise > Network Address > LDAP SSL 


LDAP > Settings > Number of LDAP Threads 
N/A 

GroupWise > Log Settings > Log File Path 
GroupWise > Log Settings > Max Log File Age 
GroupWise > Log Settings > Log Level 


GroupWise > Log Settings > Max Log Disk 
Space 


SMTP/MIME > Settings > Maximum Number of 
Hours to Retry a Deferred Message 


SMTP/MIME > Security Settings > Enable 
Mailbomb Protection and Mailbomb Threshold 


SMTP/MIME > Security Settings > Enable 
Mailbomb Protection and Mailbomb Threshold 


SMTP/MIME > Settings > Relay Host for 
Outbound Messages 


SMTP/MIME > Message Formatting > Default 
Message Encoding: MIME 


SMTP/MIME > Settings > Intervals to Retry a 
Deferred Message 


N/A 


SMTP/MIME > Undeliverables > Amount of 
Original Message to Return to Sender When 
Message Is Undeliverable 


N/A 
N/A 
N/A 


SMTP/MIME > POP3/IMAP4 > Settings > Do Not 
Publish GroupWise Information on an Initial 
IMAP4 Connection 


N/A 


SMTP/MIME > Message Formatting > Disable 
Mapping X-Priority Fields 


SMTP/MIME > POP3/IMAP4 > Settings > Do Not 
Publish GroupWise Information on an Initial 
POP3 Connection 


SMTP/MIME > Settings > Do Not Display 
GroupWise Information on an Initial SMTP 
Connection 


Linux GWIA 


--nosnmp 


--notfamiliar 
--familiar 


--ngpmt 
--P 
--pop3 


--nopop3 


--popintruderdetect 


--popport 
--popsport 
--popssl 


--pt 


--rbl 


--rd 


--realmailfrom 
--norealmailfrom 


--rejbs 


--relayaddsignature 


--rt 


--sd 


--Show 
--smtp 


--smtphome 


--smtpport 
--smtpssl 


--sslit 


Windows GWIA 


/nosnmp 


/notfamiliar 
/familiar 


Ingpmt 
IP 
/pop3 


/nopop3 


/popintruderdetect 


/popport 
/popsport 
/popssl 


==Di 


/rbl 


/rd 


/realmailfrom 
/norealmailfrom 


/rejbs 


/relayaddsignature 


/rt 


/sd 


N/A 
/smtp 


/smtphome 


/smtpport 
/smtpssl 


/sslit 


ConsoleOne Settings 


N/A 
N/A 


SMTP/MIME > Message Formatting > Enable 
Quoted Printed Message Text Line Wrapping 


SMTP/MIME > Settings > Scan Cycle for Send 
Directory 


POP3/IMAP4 > Settings > Enable POP3 Service 


POP3/IMAP4 > Settings > Enable Intruder 
Detection 


GroupWise > Network Address > POP Port 
GroupWise > Network Address > POP SSL Port 
GroupWise > Network Address > POP SSL 


POP3/IMAP4 > Settings > Number of Threads 
for POP3 


Access Control > Blacklists > Blacklist 
Addresses 


SMTP/MIME > Settings > Number of SMTP 
Receive Threads 


SMTP/MIME > Address Handling > Use 
GroupWise User Address as Mail From: for Rule 
Generated Messages 


SMTP/MIME > Security Settings > Reject Mail If 
Sender’s Identity Cannot Be Verified 


SMTP/MIME > Message Formatting > Apply 
Global Signature to Relay Messages 


SMTP/MIME > Message Formatting > Number of 
Inbound Conversion Threads 


SMTP/MIME > Settings > Number of SMTP 
Send Threads 


N/A 
SMTP-MIME > Settings > Enable SMTP 


Server Directories > Settings > Advanced > 
SMTP Service Queues Directory 


GroupWise > Network Address > SMTP Port 
GroupWise > Network Address > SMTP SSL 


POP3/IMAP4 > Settings > Number of Threads 
for IMAP4 SSL Connections 
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Linux GWIA Windows GWIA ConsoleOne Settings 


--sslpt /sslpt POP3/IMAP4 > Settings > Number of Threads 
for POP3 SSL Connections 

--st /st SMTP/MIME > Message Formatting > Number of 
Outbound Conversion Threads 

--tc /tc SMTP/MIME > Timeouts > Commands 

--td /td SMTP/MIME > Timeouts > Data 

--te /te SMTP/MIME > Timeouts > Connection 
Establishment 

--tg itg SMTP/MIME > Timeouts > Greeting 

--tr Itr SMTP/MIME > Timeouts > TCP Read 

--tt Itt SMTP/MIME > Timeouts > Connection 
Termination 

--usedialup lusedialup SMTP/MIME > Dial-Up Settings > Enable Dial- 
Up 

--uueaa /uueaa SMTP/MIME > Message Formatting > 
UUEncode All Message Attachments 

--work /work Server Directories > Settings > Conversion 
Directory 

--wrap /wrap SMTP/MIME > Message Formatting > Line Wrap 


Length for Message Text on Outbound Mail 


--xspam /xspam SMTP/MIME > Junk Mail 


59.3 Required Switches 


The following switches point the GWIA to the GWIA’s directory. They are assigned their initial value 
during installation. 


--dhome 
--hn 
--home 


59.3.1 --dhome 


Points to the SMTP service work area. This is normally the GWIA’s gateway directory under the 
domain\ wpgate directory. See Section 57.1, “Relocating the GWIA' Processing Directories,” on 
page 839. 


Syntax: --dhome path_name 
Linux Example: --dhome /gwsystem/provol/gwia 


Windows Example: /dhome=c: \gwsystem \ provo2 \ gwia 
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59.3.2 


59.3.3 


59.4 


59.4.1 


59.4.2 


--hn 


Specifies the hostname that is displayed when someone connects to your GWIA using a Telnet 
session. You should enter the hostname assigned to you by your Internet service provider. 


Syntax: --hn host name 
Example: --hn gwia.novell.com 


This switch is reguired only under certain circumstances. Normally, the GWIA gets the information 
from another source and does not need this switch. If you receive a message that the --hn switch is 
reguired, you must use the switch. 


--home 


Points the GWIA to the GWIA’s gateway directory. This is always a subdirectory of wpgate in the 
domain directory structure. 


Syntax: --home gateway_directory 
Linux Example: --home /gwsystem/provol/gwia 
Windows Example: /home-j: \headq \ wpgate \ gwia 


If you specify a UNC path with the --home switch when you run the GWIA as a Windows service, 
you must configure the GWIA service to run under a specific Windows user account. If you specify a 
local directory or a mapped drive, you can configure the GWIA service to run under the local system 
account. 


Console Switches 


The following switches apply to the GWIA console: 


--color 
--help 
--mono 
--show 


--color 


Sets the default color of the GWIA console. The values range from 0-7. 
Syntax: color-011121314151617 
Example: --color 3 


You can also change the color of the screen for an GWIA session. From the menu on the bottom of the 
console, select Options, then press the key for Colors. 


--help 


Displays the Help screen for the startup switches. 


Syntax: --help 
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59.4.3 


59.4.4 


59.5 


59.5.1 


59.5.2 


--mono 


Runs the GWIA for a computer with a monochrome monitor. 


Syntax: --mono 


--Show (Linux Only) 


Starts the Linux GWIA with an agent console interface similar to that provided for the Windows 
GWIA. This user interface requires that the X Window System and Open Motif are running on the 
Linux server. 


Syntax: --show 


The --show switch cannot be used in the GWIA startup file (gwia . cfg). However, if you want the 
GWIA to start with a user interface when you run the grpwise script or when the server reboots, you 
can configure the GroupWise High Availability service (gwha) to accomplish this, as described in 
“Configuring the GroupWise High Availability Service in the gwha.conf File” in “Installing 
GroupWise Agents” in the GroupWise 2012 Installation Guide. 


Environment Switches 


The following switches configure GWIA environment settings such as working directories, clustering 
support, and SNMP support. 


--cluster 
--ip 

--ipa 
--nosnmp 
--smtphome 
--work 


--cluster 


Informs the GWIA that it is running in a cluster. A clustered GWIA automatically binds to the IP 
address configured for the GWIA object even if the Bind Exclusively to TCP/IP Address option is not 
selected on the GWIA Network Address page in ConsoleOne. This prevents unintended connections 
to other IP addresses, such as the loopback address or the node’s physical IP address. For information 
about clustering the GWIA, see the GroupWise 2012 Interoperability Guide. 


Syntax: --cluster 


--ip 
Binds the GWIA to the specified IP address so that, on a server with multiple IP addresses, the GWIA 
uses only the specified IP address. 


Syntax: --ip address 
Example: --ip 172.16.5.18 
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59.5.3 


59.5.4 


59.5.5 


59.5.6 


59.5.7 


--ipa 


Specifies the IP address (or hostname) of a GroupWise POA that the GWIA can use to resolve IP 
addresses of other POAs in the system. This replaces the need to configure post office links for the 
GWIA in ConsoleOne (GWIA object > Post Office Links > Settings). 


If you have established a GroupWise name server (ngwnameserver), you can use it. See Section 36.2.2, 
“Simplifying Client/Server Access with a GroupWise Name Server,” on page 496. 


Syntax: --ipa address 


Example: --ipa ngwnameserver 


--ipp 


Specifies the port number of a GroupWise POA that the GWIA can use to resolve IP addresses of 
other POAs in the system. This replaces the need to configure post office links for the GWIA in 
ConsoleOne (GWIA object > Post Office Links > Settings). 


If you have established a GroupWise name server (ngwnameserver), you can use it. See Section 36.2.2, 
“Simplifying Client/Server Access with a GroupWise Name Server,” on page 496. 


Syntax: --ipp port_number 


Example: --ipp 678 


--nosnmp 


Disables SNMP for the GWIA. The default is to have SNMP enabled. See Section 37.6, “Using an 
SNMP Management Console,” on page 553. 


Syntax: --nosnmp 


--smtphome 


Specifies a secondary SMTP queues directory for inbound and outbound messages. This secondary 
directory can be helpful for troubleshooting by providing a way to trap messages before they are 
routed to the Internet. You can also use the secondary directory to run third-party utilities such as a 
virus scanner on Internet-bound messages. See Section 57.1, “Relocating the GWIA'Ss Processing 
Directories,” on page 839. 


The GWIA places all outbound messages in this secondary directory. The messages must then be 
moved manually (or by another application) to the primary SMTP queue’s send directory (--dhome 
switch) before the GWIA routes them to the Internet. 


Syntax: --smtphome path 


Example: --smtphome mail: \provol\wpgate\gwia\smtp2 


--work 


Sets the directory where the GWIA stores its temporary files. On Linux, the work directory is located 
in the domain by default. On Windows, it is not. 


Linux: domain/wpgate/gwia/000.prc/gwwork 
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Windows: c:\grpwise\gwia 


Syntax: --work path. name 
Linux Example: --work /opt/novell/groupwise/tmp 


Windows Example: /work -j:\tmp\work 


59.5.8 --nasoq 


By default, the GWIA sends the accounting file (acct) to users specified as accountants in 
ConsoleOne (GWIA object > Group Wise > Gateway Administrators). The file is sent daily at midnight 
and any time the GWIA shuts down. 


This switch instructs the GWIA to send the acct file once daily at midnight, not each time the GWIA 
guits or is shut down. 


Syntax: --nasog 


59,6 SMTP/MIME Switches 


The following sections categorize and describe the switches that you can use to configure the GWIA’s 
SMTP/MIME settings: 
+ Section 59.6.1, “SMTP Enabled,” on page 862 
+ Section 59.6.2, “iCal Enabled,” on page 863 
+ Section 59.6.3, “Address Handling,” on page 863 
+ Section 59.6.4, “Message Formatting and Encoding,” on page 868 
+ Section 59.6.5, “Forwarded and Deferred Messages,” on page 871 
+ Section 59.6.6, “Extended SMTP,” on page 872 
+ Section 59.6.7, “Send/Receive Cycle and Threads,” on page 873 
+ Section 59.6.8, “Dial-Up Connections,” on page 874 
+ Section 59.6.9, “Timeouts,” on page 875 
+ Section 59.6.10, “Relay Host,” on page 876 
+ Section 59.6.11, “Host Authentication,” on page 877 
+ Section 59.6.12, “Undeliverable Message Handling,” on page 878 
+ Section 59.6.13, “Mailbomb and Spam Security,” on page 878 


59.6.1 SMTP Enabled 


The following switches enable SMTP and suppress version information display. 


--smtp 
--nosmtpversion 
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59.6.2 


59.6.3 


--smtp 


Enables the GWIA to process SMTP messages. See Section 53.1.1, “Configuring Basic SMTP/MIME 
Settings,” on page 757. 


Syntax: --smtp 


--nosmtpversion 


Suppresses the GroupWise version and copyright date information that the GWIA typically responds 
with when contacted by another SMTP host or a telnet session. 


Syntax: --nosmtpversion 


iCal Enabled 


The following switch enables iCal. 


--imip 
--imip 


Converts outbound GroupWise Calendar items into MIME text/calendar iCal objects and converts 
incoming MIME text/calendar messages into GroupWise Calendar items. 


Syntax: --imip 


Address Handling 


The following switches determine how the GWIA handles email addresses: 


--aql 

--agor 

--ari 
--blockrulegenmsg 
--dia 
--displaylastfirst 
--dontreplaceunderscore 
--fd822 

--fdmime 

--group 
--keepsendgroups 
--msstu 
--nomappriority 
--notfamiliar 
--realmailfrom 
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--ag| 


Allows you to determine the address gualification level. It specifies which GroupWise address 
components (domain.post_office.user) must be included as the user portion of a GroupWise user's 
outbound Internet address (userhost). Valid options are auto, userid, po, and domain. 


This switch is valid only if your system is not configured to use Internet-style addressing, as 
described in Section 52, “Configuring Internet Addressing,” on page 743, or you have configured the 
GWIA to ignore Internet-style addressing, as described in Section 53.1.3, “Configuring How the 
GWIA Handles Email Addresses,” on page 761. 


Syntax: --aql option 
Example: --aql po 


Option Description 


auto This option causes the gateway to include the addressing components reguired to make the user's 
address unigue. Ifa user ID is unigue in a GroupWise system, the outbound address uses only the 
user ID.Ifthe post office or domain.post office components are required to make the address 
unigue, these components are also included in the outbound address. The auto option is the 
default. 


userid This option reguires the gateway to include only the user ID in the outbound Internet address, 
even ifthe user ID is not unigue in the system. If a recipient replies to a user whose user ID is not 
unigue and no other gualifying information is provided, that reply cannot be delivered. 


po This option reguires the gateway to include post office.user ID in every outbound address, 
regardless of the unigueness or non-unigueness of the user ID. 


domain This option requires the gateway to include the fully qualified GroupWise address (domain. post 
office.user. ID) in every outbound address, regardless of the uniqueness or non-uniqueness of the 
user ID. This option guarantees the unigueness of every outbound Internet address, and ensures 
that any replies are delivered. 


--aqor 


The user part of a GroupWise user’s outbound Internet address (user@host) can and sometimes must 
include the full Groupwise address (domain. post_office.user_ID@host) in order to be unique. The --agor 
switch instructs the GWIA to move any GroupWise address components, except the user_ID 
component, to the right side of the address following the at sign (@). In this way, GroupWise 
addressing components become part of the host portion of the outbound Internet address. The --aql 
switch specifies which components are included. 


For example, if the --aqor switch is used (in conjunction with the --aql-domain switch), Bob 
Thompson’s fully qualified Internet address (headquarters.advertising.bob@novell.com) is 
resolved to bob@advertising. headquarters .novell.com for all outbound messages. 


If the --agor switch is used with the --aql-po switch, Bob’s Internet address is resolved to 
bob@advertising.novell.com for all outbound messages. 


If you use the --agor switch to move GroupWise domain or post office names to be part of the host 
portion on the right side of the address, you must provide a way for the DNS server to identify the 
GroupWise names. You must either explicitly name all GroupWise post offices and domains in your 
system as individual MX Records, or you can create an MX Record with wildcard characters to 
represent all GroupWise post offices and domains. For information about creating MX Records, see 
details found in RFC #974. 
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For details about this setting, see Section 53.1.3, “Configuring How the GWIA Handles Email 
Addresses,” on page 761. 


--ari 


Enables or disables additional routing information that is put in the SMTP return address to facilitate 
replies. This switch might be needed in large systems with external GroupWise domains in which the 
external GroupWise users have not been configured in your local domain. Options include Never and 
Always. Most sites do not need to use this switch. 


Syntax: --ari never lahways 


Example: --ari never 


--blockrulegenmsg 


In ConsoleOne, you can control whether or not rule-generated messages are allowed to leave your 
GroupWise system by selecting or deselecting the Rule-Generated Messages options available in each 
class of service defined for the GWIA. This switch allows you to be specific in the types of rule- 
generated messages that are blocked. 


Syntax: --blockrulegenmsg forward | reply | none | all 
Example: --blockrulegenmsg forward 


In order for this switch to take effect, senders must be in a class of service where rule-generated 
messages are allowed. For more information, see Section 54.1.2, “Creating a Class of Service,” on 
page 788. 


--dia 


GroupWise supports both Internet-style addressing (user@host) and GroupWise proprietary 
addressing (user_ID.post_office.domain). By default, the GWIA uses Internet-style addressing. See 
Section 53.1.3, “Configuring How the GWIA Handles Email Addresses,” on page 761. 


You can use this switch to disable Internet-style addressing. With Internet-style addressing disabled, 
messages use the mail domain name in the Foreign ID field in ConsoleOne (GWIA object > GroupWise 
> Identification) for the domain portion of a user’s Internet address. The GWIA continues to support 
user and post office aliases in either mode. 


Syntax: --dia 


--displaylastfirst 
By default, users’ display names are First Name Last Name. If you want users’ display names to be 


Last Name First Name, you can use the --displaylastfirst switch. This forces the display name format 
to be Last Name First Name, regardless of the preferred address format. 


Syntax: --displaylastfirst 


--dontreplaceunderscore 


By default, the GWIA accepts addresses of the format: 


firstname_lastname@internet_domain_name 


Using GWIA Startup Switches 865 


866 


Even though this is not an address format included in the Allowed Address Formats list in 
ConsoleOne for configuring Internet addressing, as described in Section 52.1.5, “Allowed Address 
Formats,” on page 747, you can use this switch to prevent this address format from being accepted by 
the GWIA. 


Syntax: --dontreplaceunderscore 


--fd822 


Specifies a return address for GroupWise replies. A message that has been received by a GroupWise 
user through the GWIA and is replied to has this return address form. These switches cause the 
GWIA to produce a return address of the form foreign domain.type:"user host." Foreign domain can be 
any foreign domain you have configured and linked to the GWIA. 


You can use the same foreign domain name for both the --fd822 switch and the --fdmime switch. You 
can specify multiple foreign domain and kind pairs by placing them in quotes. If multiple foreign 
domain and kind pairs are used, the first domain/kind pair is the return address for replies to 
messages received through the GWIA. The second domain/kind pair is checked to see what message 
format is used for old replies in the system. Up to four pairs can be specified with an 80-character 
limit. 

This switch lets you change your foreign domain names in your GroupWise system and still have 
replies work. For example, if your foreign domain is called faraway and you added a foreign domain 
called Internet, you could use --fd822-"internet.nonmime smtp.nonmime." This causes replies to have 


a return address of internet.nonmime.:"user@host." The GWIA would also recognize faraway. This 
switch also lets you migrate from one foreign domain to another. 


Most administrators do not need to use this switch. 
Syntax: --fd822 foreign_domain.type 


Example: --fd822 Internet.nonmime 


--fdmime 


Specifies a return address for GroupWise replies. A message that has been received by a GroupWise 
user through the GWIA and is replied to has this return address form. These switches cause the 
GWIA to produce a return address of the form foreign_domain.type:"user host." Foreign_domain can be 
any foreign domain you have configured and linked to the GWIA. Type can be either mime or 
nonmime. 


You can use the same foreign domain name for both the --fd822 switch and the --fdmime switch. 


You can specify multiple foreign domain and kind pairs by placing them in quotes. If multiple 
foreign domain and kind pairs are used, the first domain/kind pair is the return address for replies to 
messages received through the GWIA. The second domain/kind pair is checked to see what message 
format is used for old replies in the system. Up to four pairs can be specified with an 80-character 
limit. 


This switch lets you change your foreign domain names in your GroupWise system and still have 
replies work. For example, if your foreign domain is called SMTP and you add a foreign domain 
called Internet, you can use --fdmime-"internet.mime smtp.mime." This causes replies to have a 
return address of internet.mime:"user@host." The GWIA also recognizes SMTP. This switch also lets 
you migrate from one foreign domain to another. 


Most administrators do not need to use this switch. 


Syntax: --fdmime foreign_domain.type 


GroupWise 2012 Administration Guide 


Example: --fdmime Internet.mime 


--group 


Turns on distribution list expansion. By default, the GWIA does not expand distribution lists, which 
means that recipients listed in distribution lists do not receive incoming Internet messages that are 
addressed to distribution lists. 


Use this switch to expand distribution lists into individual email addresses of the distribution list 
members, so that the recipients in distribution lists do receive incoming Internet messages addressed 
to distribution lists. See Section 53.1.3, “Configuring How the GWIA Handles Email Addresses,” on 
page 761. 


Syntax: --group 


See also --nickgroup. 


--keepsendgroups 


Prevents the GWIA from expanding distribution lists on messages going to external Internet users so 
that the SMTP header does not become too large. 


Syntax: --keepsendgroups 


--msstu 


Replaces spaces with underscores (_) in the email address of the sender for outbound messages. For 
example, john smith becomes john_smith. 


It does not replace spaces in the addresses of recipients. 


Syntax: --msstu 


--nickgroup 


Turns on distribution list expansion only for distribution lists that have nicknames. By default, the 
GWIA does not expand distribution lists, which means that recipients listed in distribution lists do 
not receive incoming Internet messages that are addressed to distribution lists. If you use the --group 
switch, the GWIA expands all distribution lists. 


Use this switch to expand only nicknamed distribution lists. This means that recipients listed in 
nicknamed distribution lists do receive incoming Internet messages that are addressed to the 
nickname of the distribution list, but they do not receive incoming Internet messages that are 
addressed to distribution lists that do not have nicknames. For information about nicknames, see 
Section 14.7, “Managing User Email Addresses,” on page 247. See also Section 53.1.3, “Configuring 
How the GWIA Handles Email Addresses,” on page 761. 


Syntax: --nickgroup 


See also --group. 
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--nomappriority 


Disables the function of mapping an x-priority MIME field to a GroupWise priority for the message. 
By default, the GWIA maps x-priority 1 and 2 messages as high priority, x-priority 3 messages as 
normal priority, and x-priority 4 and 5 as low priority in GroupWise. 


Syntax: --nomappriority 


--notfamiliar 


Instructs the GWIA to not include the user's familiar name, or display name, in the From field of the 
message’s MIME header. In other words, the From field is address rather than "familiar. name" address. 


Syntax: --notfamiliar 


--realmailfrom 


Instructs the GWIA to use the real user in the Mail From field instead of having auto-forwards come 
from Postmaster and auto-replies come from Mailer-Daemon. 


Syntax: --realmailfrom 


Message Formatting and Encoding 


The following switches determine how the GWIA formats and encodes inbound and outbound email 
messages: 


--attachmsg 

--dbchar822 
--charsetconfidencelevel 
--defaultcharset 
--defaultnonmimecharset 
--force7bitout 
--1s088591is 

--koi8 

--mime 

--noiso2022 

--noqpmt 
--relayaddsignature 

--rt 

--st 

--uueaa 

--wrap 


For more information, see Section 7.4, “MIME Encoding,” on page 125. 


--attachmsg 


Instructs the GWIA to maintain the original format of any file type attachment. 


Syntax: --attachmsg 


868 GroupWise 2012 Administration Guide 


--Charsetconfidencelevel 


Sets the confidence level at which you want the GWIA to use the detected character set rather than 
the default character set when no character set is specified. The GWIA tries to detect the character set 
based on the presence or absence of certain characters in the text. The default confidence level is 25, 
meaning that if the detection process returns a confidence level of 25 or above, the GWIA uses the 
detected character set, but if the confidence level is less than 25, the GWIA uses the default character 
set. Valid values range from 0 to 100. 


Syntax: --charsetconfidencelevel number 


Example: --charsetconfidencelevel 35 


--dbchar822 


Instructs the GWIA to map inbound non-MIME messages to another character set that you specify. 
The mapped character set must be an Asian (double-byte) character set. 


Syntax: --dbchar822 charset 


Example: --dbchar822 shift_jis 


--defaultcharset 


Specifies what character set to use if no character set is specified in an incoming MIME-encoded 
message. 


Syntax: --defaultcharset charset 


Example: --defaultcharset iso-8859-1 


--defaultnonmimecharset 


Specifies what character set to use if no character set is specified in an incoming message that is not 
MIME encoded. The default is US_ASCII. 


Syntax: --defaultnonmimecharset charset 


Example: --defaultnonmimecharset iso-8859-1 


--force7bitout 


By default, the GWIA uses 8-bit MIME encoding for any outbound messages that are HTML- 
formatted or that contain 8-bit characters. If, after connecting with the receiving SMTP host, the 
GWIA discovers that the receiving SMTP host cannot handle 8-bit MIME encoded messages, the 
GWIA converts the messages to 7-bit encoding. 


You can use the --force7bitout switch to force the GWIA to use 7-bit encoding and not attempt to use 
8 bit MIME encoding. You should use this option if you are using a relay host that does not support 8- 
bit MIME encoding. See Section 53.1.1, “Configuring Basic SMTP/MIME Settings,” on page 757. 


Syntax: --force7bitout 
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--1s0885911is 


Instructs the GWIA to map inbound MIME ISO-8859-1 messages to another character set that you 
specify. 


Syntax: --iso88591is charset 


Example: --iso88591is big5 


--koi8 
Instructs the GWIA to map all outbound MIME messages to the KOI8 (Russian) character set. 


Syntax: --koi8 


--mime 


Instructs the GWIA to send outbound messages in MIME format rather than in RFC-822 format. If 
you've defined an RFC-822 non-GroupWise domain, as described in Section 6.8, “Adding External 
Users to the Group Wise Address Book,” on page 116, users can still send RFC-822 formatted 
messages by using the RFC-822 domain in the address string when sending messages. Removing the 
switch corresponds to enabling the Default Message Encoding: Basic RFC-822 switch in ConsoleOne. 
See Section 53.1.4, “Determining Format Options for Messages,” on page 763. 


Syntax: --mime 


--noiso2022 


Instructs the GWIA to not use ISO-2022 character sets. ISO-2022 character sets provide 7-bit encoding 
for Asian character sets. 


Syntax: --noiso2022 


--nqpmt 


Disables quoted printable message text for outbound messages. If this switch is turned on, messages 
are sent with Base64 MIME encoding, unless all the text is US-ASCII. If you use this switch you need 
to review the setting for the --wrap switch to ensure that message text wraps correctly. See 

Section 53.1.4, “Determining Format Options for Messages,” on page 763. 


Syntax: --ngpmt 


--relayaddsignature 


Appends the global signature to messages that are relayed through your GroupWise system (for 
example, messages from POP and IMAP clients) in addition to messages that originate within your 
GroupWise system. See Section 14.3, “Adding a Global Signature to Users’ Messages,” on page 231. 


Syntax: --relayaddsignature 
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--rt 


Specifies the maximum number of threads that the GWIA uses when converting inbound messages 
from MIME or RFC-822 format to the GroupWise message format. The default setting is 4. See 
Section 53.1.4, “Determining Format Options for Messages,” on page 763. 


Multiple threading allows for more than one receive process to be running concurrently. A receive 
request is assigned to a single thread and is processed by that thread. If you anticipate heavy inbound 
message traffic, you can increase the number of threads to enhance the speed and performance of the 
GWIA. The number of threads is limited only by the memory resources of your server. 


Syntax: --rt 


--St 


Specifies the maximum number of threads that the GWIA uses when converting outbound messages 
from GroupWise message format to MIME or RFC-822 format. The default setting is 4. See 
Section 53.1.4, “Determining Format Options for Messages,” on page 763. 


Multiple threading allows for more than one send process to be running concurrently. A send request 
is assigned to a single thread and is processed by that thread. If you anticipate heavy outbound 
message traffic, you can increase the number of threads to enhance the speed and performance of the 
GWIA. The number of threads is limited only by the memory resources of your server. 


Syntax: --st 


--uueaa 


Forces the GWIA to UUencode any ASCII text files attached to outbound RFC-822 formatted 
messages. This switch applies only if the --mime switch is not used. Without this switch, the GWIA 
includes the text as part of the message body. See Section 53.1.4, “Determining Format Options for 
Messages,” on page 763. 


Syntax: --uueaa 


--Wrap 


Sets the line length for outbound messages that do not use quoted printable or Base64 MIME 
encoding. This is important if the recipient's email system reguires a certain line length. See 
Section 53.1.4, “Determining Format Options for Messages,” on page 763. 


Syntax: --wrap line length 


Example: --wrap 72 


Forwarded and Deferred Messages 


The following switches configure how the GWIA handles forwarded and deferred messages: 


--flatfwd 
--delayedmsgnotification 
--maxdeferhours 
--msgdeferinterval 
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--flatfwd 


Automatically strips out the empty message that is created when a message is forwarded without 
adding text, and retains the original sender of the message, rather than showing the user who 
forwarded it. This facilitates users forwarding messages from GroupWise to other email accounts. 
Messages arrive in the other accounts showing the original senders, not the users who forwarded the 
messages from GroupWise. 


Syntax: --flatfwd 


--delayedmsgnotification 


Provides a notification message to users whose email messages cannot be immediately sent out 
across the Internet. This provides more noticeable notification to users than manually checking the 
Properties page of the sent item to see whether it has been sent. 


Syntax: --delayedmsgnotification 


See Section 53.1.1, “Configuring Basic SMTP/MIME Settings,” on page 757. 


--maxdeferhours 


Specifies the number of hours after which the GWIA stops trying to send deferred messages. The 
default is 96 hours, or four days. A deferred message is any message that can’t be sent because of a 
temporary problem (host down, MX record not found, and so on). See Section 53.1.1, “Configuring 
Basic SMTP/MIME Settings,” on page 757. 


Syntax: --maxdeferhours hours 


Example: --maxdeferhours 48 


--msgdeferinterval 


Specify in a comma-delimited list the number of minutes after which the GWIA retries sending 
deferred messages. The default is 20, 20, 20, 240. The GWIA interprets this list as follows: It retries 20 
minutes after the initial send, 20 minutes after the first retry, 20 minutes after the second retry, and 
240 minutes (4 hours) after the third retry. Thereafter, it retries every 240 minutes until the number of 
hours specified in the Maximum Number of Hours to Retry a Deferred Message field is reached. You can 
provide additional retry intervals as needed. It is the last retry interval that repeats until the 
maximum number of hours is reached. See Section 53.1.1, “Configuring Basic SMTP/MIME Settings,” 
on page 757. 


Syntax: --msgdeferinterval minutes,minutes...,minutes 


Example: --msgdeferinterval 10,10,10,120 


Extended SMTP 


The following switches configure the GWIA’s Extended SMTP (ESMTP) settings: 


--noesmtp 
--dsn 
--dsnage 
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--noesmtp 


Disables ESMTP support in the GWIA. 


Syntax: --noesmtp 


--dsn 


Enables Delivery Status Notification (DSN). The GWIA reguests status notifications for outgoing 
messages and supplies status notifications for incoming messages. This requires the external email 
system to also support Delivery Status Notification. Currently, notification consists of two delivery 
statuses: successful and unsuccessful. See Section 53.1.2, “Using Extended SMTP (ESMTP) Options,” 
on page 760. 


Syntax: --dsn 


--dsnage 


The --dsnage switch specifies the number of days that the GWIA retains information about the 
external sender so that status updates can be delivered to him or her. For example, the default DSN 
age causes the sender information to be retained for 4 days. If the GWIA does not receive delivery 
status notification from the GroupWise recipient’s Post Office Agent (POA) within that time period, it 
deletes the sender information and the sender does not receive any delivery status notification. See 
Section 53.1.2, “Using Extended SMTP (ESMTP) Options,” on page 760. 


Syntax: --dsnage 


59.6.7 Send/Receive Cycle and Threads 


The following switches configure the GWIA’s SMTP send/receive cycle and threads: 


=p 

--rd 

--sd 
--killthreads 
--smtpport 


“Pp 


Specifies how often, in seconds, the GWIA polls for outbound messages. The default,10 seconds, 
causes the GWIA to poll the outbound message directory every 10 seconds. See Section 53.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 757. 


Syntax: --p seconds 


Example: --p 5 


--rd 


Specifies the maximum number of threads used for processing SMTP receive requests (inbound 
messages). Each thread is equivalent to one connection. The default is 16 threads. See Section 53.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 757. 


Syntax: --rd number_of_threads 
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Example: --rd 20 


--Sd 


Specifies the maximum number of threads used for processing SMTP send requests (outbound 
messages). Each thread is equivalent to one connection. The default is 8 threads. See Section 53.1.1, 
“Configuring Basic SMTP/MIME Settings,” on page 757. 


Syntax: --sd number_of_threads 


Example: --sd 12 


--killthreads 


Instructs the GWIA to quickly terminate any active send/receive threads when it restarts. 


Syntax: --killthreads 


--smtpport (Linux only) 


Changes the SMTP listen port from the default of 25. Use this switch only if the GWIA is receiving 
messages only from SMTP hosts that can be configured to connect to GWIA on a specified port. 


Syntax: --smtpport 
Example: --smtpport 2525 


Dial-Up Connections 


SMTP dial-up services can be used when you don’t require a permanent connection to the Internet 
and want to periodically check for mail messages queued for processing. The following switches can 
be used when configuring dial-up services. For more information about dial-up services, see 

Section 53.1.7, “Configuring SMTP Dial-Up Services,” on page 767. 


--usedialup 

--etrnhost 

--etrnqueue 

/dialuser (Windows only) 
/dialpass (Windows only) 


--usedialup 


Enables SMTP dial-up services. See “Enabling Dial-Up Services” on page 767. 


Syntax: --usedialup 


--etrnhost 


Specifies the IP address or DNS hostname of the mail server where your mail account resides at your 
Internet Service Provider. You should obtain this address from your Internet Service Provider. See 
“Enabling Dial-Up Services” on page 767. 


Syntax: --etrnhost address 
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Example: --etrnhost 172.16.5.18 


--etrnqueue 


Specifies your email domain as provided by your Internet Service Provider. See “Enabling Dial-Up 
Services” on page 767. 


Syntax: --etrnqueue email_domain 


Example: --etrnqueue novell.com 


Idialuser (Windows Only) 


Specifies the RAS Security user if you are using a Windows Remote Access Server (RAS) and the 
GWIA is not running on the same server as the RAS. 


Syntax: /dialuser-user. name 


Example: /dialuser-rasuser 


Idialpass (Windows Only) 


Specifies the RAS Security user's password if you are using a Windows Remote Access Server (RAS) 
and the GWIA is not running on the same server as the RAS. 


Syntax: /dialpass-password 


Example: /dialpass-raspassword 


Timeouts 


The following switches specify how long SMTP services waits to receive data that it can process. 
After the time expires, the GWIA might give a TCP read/write error. Leave these switches at the 
default setting unless you are experiencing a problem with communication. 


--tc 


Specifies how long the program waits for an SMTP command. The default is 2 minutes. 
Syntax: --tc minutes 


Example: --tc 3 
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--td 


Specifies how long the program waits for data from the receiving host. The default is 5 minutes. 
Syntax: --td minutes 


Example: --td 2 


--te 


Specifies how long the program waits for the receiving host to establish a connection. The default is 5 
minutes. 


Syntax: --te minutes 


Example: --te 2 


--tg 


Specifies how long the program waits for the initial greeting from the receiving host. The default is 3 
minutes. 


Syntax: --tg minutes 


Example: --tg 2 


--tr 


Specifies how long the program waits for a TCP read. The default is 10 minutes. 
Syntax: --tr minutes 


Example: --tr 2 


--tt 


Specifies how long the program waits for the receiving host to terminate the connection. The default 
is 5 minutes. 


Syntax: --tt minutes 


Example: --tt 2 


Relay Host 


The following switch configures whether or not the GWIA uses a relay host. 


--mh 
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--mh 


Specifies the IP address or DNS hostname of one or more relay hosts that you want the GWIA to use 
for outbound messages. Use a space to separate multiple relay hosts in a list. 


The relay host can be part of your network or can reside at the Internet service provider's site. This 
switch is typically used in firewall integration if you want one server, the specified relay host, to route 
all mail. See Section 53.1.1, “Configuring Basic SMTP/MIME Settings,” on page 757. 


Syntax: --mh address 


Example: --mh 172.16.5.18 


Host Authentication 


The GWIA supports SMTP host authentication for both inbound and outbound message traffic. The 
following switches are used with inbound and outbound authentication: 


--forceinboundauth 
--forceoutboundauth 


--forceinboundauth 


Ensures that the GWIA accepts messages only from remote SMTP hosts that use the AUTH LOGIN 
authentication method to provide a valid GroupWise user ID and password. The remote SMTP hosts 
can use any valid GroupWise user ID and password. However, for security reasons, we recommend 
that you create a dedicated GroupWise user account for remote SMTP host authentication. 


Syntax: --forceinboundauth 


NOTE: Using the --forceinboundauth switch overrides the Prevent Message Relaying setting for the 
GWIA in ConsoleOne for POP and IMAP users. To completely prevent message relaying when using 
the --forceinboundauth switch, you must also specify the --disallowauthrelay switch. 


--forceoutboundauth 


Ensures that the GWIA sends messages only to remote SMTP hosts that are included ina 
gwauth.cfg text file. The remote SMTP hosts must support the AUTH LOGIN authentication 
method. 


The gwauth.cfg file must reside in the domain\wpgate\gwia directory and use the following format: 
domain name authuser authpassword 

For example: 

smtp.novell.com remotehost novell 


You can define multiple hosts in the file. Make sure you include a hard return after the last entry. 


If you use this switch, you need to include your GWIA as an entry in the gwauth.cfg file to enable 
status messages to be returned to GroupWise users. You can use any GroupWise user ID and 
password for your GWIA’s authentication credentials. However, for security reasons, we recommend 
that you create a dedicated GroupWise user account for your GWIA. 


Syntax: --forceoutboundauth 
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Undeliverable Message Handling 


The following switches determine how the GWIA handles undeliverable messages: 


--badmsg 
--fut 
--mudas 


--badmsg 


Specifies where to send problem messages. Problem messages can be placed in the GWIA problem 
directory (gwprob), they can be sent to the postmaster, or they can be sent to both or neither. The 
values for this switch are move, send, both, and neither. 


The move option specifies to place problem messages in the gwprob directory for the GWIA. The 
send option specifies to send the message as an attachment to the GWIA postmaster defined in 
ConsoleOne (GWIA object > Group Wise > Gateway Administrators). The both option specifies to move 
the message to gwprob and send it to the postmaster. The neither option specifies to discard problem 
messages. The default when no switch is specified is move. See Section 53.1.6, “Determining What to 
Do with Undeliverable Messages,” on page 766. 


Syntax: --badmsg move | send |both|neither 


Example: --badmsg both 


--fut 


Forwards undeliverable messages to the specified host. See Section 53.1.6, “Determining What to Do 
with Undeliverable Messages,” on page 766. 


Syntax: --fut host 


Example: --fut novell.com 


--mudas 


Controls how much of the original message is sent back when a message is undeliverable. By default, 
only 2 KB of the original message is sent back. The value is specified in KB (8=8KB). See 
Section 53.1.6, “Determining What to Do with Undeliverable Messages,” on page 766. 


Syntax: --mudas KB 


Example: --mudas 16 


Mailbomb and Spam Security 


Multiple unsolicited messages (sometimes called a mailbomb or spam) from the Internet can 
potentially harm your GroupWise messaging environment. At the least, it can be annoying to your 
users. You can use the following switches to help protect your GroupWise system from malicious, 
accidental, and annoying attacks: 


--disallowauthrelay 
--mbcount 
--mbtime 

--rejbs 
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--xspam 


--rbl 


--disallowauthrelay 


Prevents spammers from using GroupWise accounts to authenticate to the GWIA and using it as a 
relay host for their spam. It has no effect on normal GroupWise account usage in a GroupWise client 
or WebAccess. However, it does prevent users who access their GroupWise mailboxes from a POP or 
IMAP client from sending messages to users outside of the GroupWise system, because the GWIA 
identifies this activity as relaying. 


Syntax: --disallowauthrelay 


--mbcount 


Sets the number of messages that can be received from a single IP address in a given number of 
seconds before the GWIA denies access to its GroupWise system. It provides a form of system 
security to protect your system from mailbombs. 


For example, with --mbcount set to 25 and --mbtime set to 60 seconds, if these limits are exceeded the 
sender’s IP address is blocked from sending any more messages. The IP address of the sender is also 
displayed in the GWIA console. You can permanently restrict access to your system by that IP 
address through settings on the Access Control page in ConsoleOne (GWIA object > Access Control). 
By default, the mailbomb feature is turned off. To enable this feature, you must specify a value for 
mailbomb count and mailbomb time. See Section 54.2.4, “Mailbomb (Spam) Protection,” on page 801. 


Syntax: --mbcount-number 


Example: --mbcount 25 


--mbtime 


Specifies the mailbomb time limit in seconds. This switch works with the --mbcount switch to block 
access to your GroupWise system from unsolicited inundations of email. The default value is 10 
seconds. See Section 54.2.4, “Mailbomb (Spam) Protection,” on page 801. 


Syntax: --mbtime seconds 


Example: --mbtime 60 


--rejbs 


Prevents delivery of messages if the sender’s host is not authentic. When this switch is used, the 
GWIA refuses messages from a host if a DNS reverse lookup shows that a PTR record does not exist 
for the IP address of the sender’s host. See Section 54.2.4, “Mailbomb (Spam) Protection,” on 

page 801. 


If this switch is not used, the GWIA accepts messages from any host, but displays a warning if the 
initiating host is not authentic. 


Syntax: --rejbs 
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--Xspam 


Flags messages to be handled by the client Junk Mail Handling feature if they contain an x-spam- 
flag:yes in the MIME header. See Section 54.2.5, “Customized Spam Identification,” on page 802. 


Syntax: --xspam 


--rbl 


Lets you define the addresses of blacklist sites (free or fee-based) you want the GWIA to check for 
blacklisted hosts. If a host is included in a site’s blacklist, the GWIA does not accept messages from it. 


Syntax: --rbl bl.spamcop.net 


This switch corresponds to the Blacklist Addresses list (GWIA object > Access Control > Blacklists). For 
details about this setting, see Section 54.2.1, “Real-Time Blacklists,” on page 798. 


POP3 Switches 


The following optional startup switches that can be used to configure the GWIA's POP3 service: 


--nopopversion 
--pop3 
--popintruderdetect 
--popport 
--popsport 

--popssl 

=p 

--sslpt 


--nopopversion 


Suppresses the GroupWise version and copyright date information that the GWIA typically responds 
with when contacted by a POP client. 


Syntax: --nopopversion 


--pop3 


Enables POP3 client access to GroupWise mailboxes through the GWIA. See Section 53.2.1, “Enabling 
POP3/IMAP4 Services,” on page 778. 


Syntax: --pop3 


--popintruderdetect 


Instructs the GWIA to log POP email clients in through the POA so that the POA's intruder detection 
can take effect, if intruder has been configured in ConsoleOne (POA object > Client Access Settings > 
Intruder Detection). This switch cannot be used with older POAs that do not support intruder 
detection. 


Syntax: --popintruderdetect 
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--popport 


By default, the GWIA listens for POP3 connections on port 110. This switch allows you to change the 
POP3 listen port. 


Syntax: --popport port number 


Example: --popport 111 


--popsport 


By default, the GWIA listens for secure (SSL) POP3 connections on port 995. This switch allows you 
to change the POP3 SSL listen port. 


Syntax: --popsport port_number 


Example: --popsport 996 


--popssl 


Disables, enables, or requires secure (SSL) connections between POP3 clients and the GWIA. See 
Section 55.4, “Securing GWIA Connections with SSL,” on page 812. 


Syntax: --popssl enabled | disabled | required 


Example: --popssl required 


Option Description 


enabled The POP3 client determines whether an SSL connection or non-SSL connection is used. By 
default, the GWIA listens for SSL connections on port 995 and non-SSL connections on port 
110. You can use the --popsport and --popport switches to change these ports. 


required The GWIA forces SSL connections on port 995 and port 110. Non-SSL connections are denied. 
You can use the --popsport and --popport switches to change these ports. 


disabled The GWIA listens for connections only on port 110, and the connections are not secure. You can 
use the --popport switch to change this port. 


--pt 


Specifies the maximum number of threads to be used for POP3 connections. The default number is 
10. You are limited only by the memory resources of your server. See Section 53.2.1, “Enabling POP3/ 
IMAP4 Services,” on page 778. 


Syntax: --pt number_of_threads 


Example: --pt 15 


--ssipt 


Specify the maximum number of threads you want the GWIA to use for secure POP3 connections. 
You are limited only by the memory resources of your server. See Section 53.2.1, “Enabling POP3/ 
IMAP4 Services,” on page 778. 


Syntax: --sslpt number_of_threads 
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Example: --sslpt 15 


IMAP4 Switches 


The following optional startup switches that can be used to configure the GWIA's IMAP4 service: 


--imap4 
--imapport 
--imapreadlimit 
--imapreadnew 
--imapsport 
--imapssl 

--it 
--noimapversion 
--sslit 


--imap4 


Enables IMAP4 client access to GroupWise mailboxes through the GWIA. See Section 53.2.1, 
“Enabling POP3/IMAP4 Services,” on page 778. 


Syntax: --imap4 


--imapport 


By default, the GWIA listens for IMAP4 connections on port 143. This switch allows you to change 
the IMAP4 listen port. 


Syntax: --imapport port_number 


Example: --imapport 144 


--imapreadlimit 


By default, the GWIA downloads a maximum of 20,000 items at a time. This switch allows you to 
specify, in thousands, the maximum number of items you want the GWIA to download. For example, 
specifying 30 indicates 30,000. 


Syntax: --imapreadlimit number_of_items 


Example: --imapreadlimit 30 


--imapreadnew 


By default, the GWIA reads items in a folder from the oldest to the newest. As a result, if a folder 
contains more items than are allowed by the /imapreadlimit setting, users receive the older items but 
not the newer items. Enable this switch so that the GWIA reads items from the newest to the oldest. 
This ensures that users receive all their new items in a timely manner. 


Syntax: --imapreadnew 
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--Imapsport 


By default, the GWIA listens for secure (SSL) IMAP4 connections on port 993. This switch allows you 
to change the IMAP4 SSL listen port. 


Syntax: --imapsport port number 


Example: --imapsport 994 


--imapssl 


Disables, enables, or requires secure (SSL) connections between IMAP4 clients and the GWIA. See 
Section 55.4, “Securing GWIA Connections with SSL,” on page 812. 


Syntax: --IMAP4ssl enabled | disabled | required 


Example: --popssl required 


Option Description 


enabled The IMAP4 client determines whether an SSL connection or non-SSL connection is used. By 
default, the GWIA listens for SSL connections on port 993 and non-SSL connections on port 
143. You can use the --imapsport and --imapport switches to change these ports. 


required The GWIA forces SSL connections on port 993 and port 143. Non-SSL connections are denied. 
You can use the --imapsport and --imapport switches to change these ports. 


disabled The GWIA listens for connections only on port 143, and the connections are not secure. You can 
use the --imapport switch to change this port. 


--it 


Specifies the maximum number of threads to be used for IMAP4 connections. The default number is 
10. You are limited only by the memory resources of your server. See Section 53.2.1, “Enabling POP3/ 
IMAP4 Services,” on page 778. 


Syntax: --it number_of_threads 


Example: --it 15 


--noimapversion 


Suppresses the GroupWise version and copyright date information that the GWIA typically responds 
with when contacted by an IMAP client. 


Syntax: --noimapversion 


--SSlit 


Specify the maximum number of threads you want the GWIA to use for secure IMAP4 connections. 
You are limited only by the memory resources of your server. See Section 53.2.1, “Enabling POP3/ 
IMAP4 Services,” on page 778. 


Syntax: --sslit number. of threads 


Example: --sslit 15 
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HTTP (Web Console) Switches 


The following switches enable the HTTP Web console and control its configuration settings. The Web 
console enables you to monitor the GWIA through a Web browser. For more information, see 
Section 56.2, “Using the GWIA Web Console,” on page 827. 


--httpport 
--httpuser 
--httppassword 
--httprefresh 
--httpssl 


--httpport 


Specifies the port where the GWIA listens for the Web console. The default port established during 
installation is 9850. 


Syntax: --httpport port_number 


Example: --httpport 9851 


--httpuser 


By default, any user who knows the GWIA’s address and port (--httpport) can use the Web console. 
This switch adds security to the Web console by forcing users to log into the Web console using the 
specified user name. The --httppassword switch must also be used to establish the user password. 


Syntax: --httpuser user_name 
Example: --httpuser gwia 


The user_name can be any arbitrary name. 


--httppassword 


Specifies the password that must be supplied along with the user name provided by --httpuser. 
Syntax: --httppassword password 


Example: --httppassword monitor 


--httprefresh 


By default, the GWIA refreshes the Web console information every 60 seconds. You can use this 
switch to override the default refresh interval. 


Syntax: --httprefresh seconds 


Example: --httprefresh 120 
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59.9.5  --httpssli 


Enables the GWIA to use a secure connection to a Web browser being used to display the GWIA Web 
console. The Web browser must also be enabled to use SSL; if it is not, a non-secure connection is 
used. See Section 55.4, “Securing GWIA Connections with SSL,” on page 812. 


Syntax: --httpssl 


59.10 SSL Switches 


The GWIA can use SSL to enable secure SMTP, POP, IMAP, and HTTP connections. The following 
switches can be used to 1) specify the server certificate file, key file, and key file password required 
for SSL and 2) enable or disable SSL for SMTP, POP, IMAP, and HTTP connections. See Section 55.4, 
“Securing GWIA Connections with SSL,” on page 812. 


--certfile 
--keyfile 
--keypasswd 
--smtpssl 
--httpssl 


--popssl 
--imapssl 
--Idapssl 


59.10.1 --certfile 


Specifies the server certificate file to use. The file must be in Base64/PEM or PFX format. If the file is 
not in the same directory as the GWIA program, specify the full path. 


Syntax: --certfile file name 


Example: --certfile \ \server1\sys\serverl.crt 


59.10.2 --keyfile 


Specifies the private key file to use. The key file is reguired if the certificate file does not contain the 
key. If the certificate file contains the key, do not use this switch. When specifying a file name, use the 
full path if the file is not in the same directory as the GWIA program. 


Syntax: --keyfile file name 
Example: --keyfile \ \server1 \sys\server1.key 


59.10.3 --keypasswd 


Specifies the private key password. If the key does not require a password, do not use this switch. 
Syntax: --keypasswd password 


Example: --keypasswd novell 
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59.10.4 --smtpssl 


Enables the GWIA to use a secure connection to other SMTP hosts. The SMTP host must also be 
enabled to use SSL or TLS (Transport Layer Security); if it is not, a non-secure connection is used. 
Valid settings are enabled and disabled. 


Syntax: --smtpssl setting 


Example: --smtpssl enabled 


59.10.5 --httpssl 


Enables the GWIA to use a secure connection to a Web browser being used to display the GWIA Web 
console. The Web browser must also be enabled to use SSL; if it is not, a non-secure connection is 
used. Valid settings are enabled and disabled. 


Syntax: --httpssl setting 


Example: --httpssl enabled 


59.10.6 --popssl 


Disables, enables, or requires secure (SSL) connections between POP3 clients and the GWIA. 
Syntax: --popssl enabled | disabled | required 


Example: --popssl required 


Option Description 


enabled The POP3 client determines whether an SSL connection or non-SSL connection is used. By 
default, the GWIA listens for SSL connections on port 995 and non-SSL connections on port 110. 
You can use the --popsport and --popport switches to change these ports. 


required The GWIA forces SSL connections on port 995 and port 110. Non-SSL connections are denied. 
You can use the --popsport and --popport switches to change these ports. 


disabled The GWIA listens for connections only on port 110, and the connections are not secure. You can 
use the --popport switch to change this port. 


59.10.7 --imapssl 


886 


Disables, enables, or reguires secure (SSL) connections between IMAP4 clients and the GWIA. 
Syntax: --IMAP4ssl enabled | disabled | required 


Example: --popssl required 


Option Description 


enabled The IMAP4 client determines whether an SSL connection or non-SSL connection is used. By 
default, the GWIA listens for SSL connections on port 993 and non-SSL connections on port 143. 
You can use the --imapsport and --imapport switches to change these ports. 


reguired The GWIA forces SSL connections on port 993 and port 143. Non-SSL connections are denied. 
You can use the --imapsport and --imapport switches to change these ports. 


GroupWise 2012 Administration Guide 


59.10.8 
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Option Description 


disabled The GWIA listens for connections only on port 143, and the connections are not secure. You can 
use the /imapport switch to change this port. 


Ildapssl 


Instructs the GWIA to use a secure (SSL) connection with an LDAP server. For more information 
about why the GWIA would need to connect to an LDAP server, see Section 59.11, “LDAP Switches,” 
on page 887 


Syntax: /Idapssl 


LDAP Switches 


The GWIA can perform GroupWise authentication of POP3/IMAP4 clients through an LDAP server 
and can also perform LDAP queries for Group Wise information. see Section 53.3.1, “Enabling LDAP 
Services,” on page 783. 


The following sections describe the switches reguired to configure this functionality: 


+ Section 59.11.1, “GroupWise Authentication Switches,” on page 887 
+ Section 59.11.2, “LDAP Query Switches,” on page 888 


GroupWise Authentication Switches 


When a POP3/IMAP4 user attempts to access a GroupWise mailbox on a post office that has been 
configured for LDAP authentication, the GWIA connects to the post office’s POA, which then 
connects to the LDAP server so that the LDAP server can authenticate the user. 


This process works automatically if the GWIA’s link to the post office is client/server (meaning that it 
communicates through TCP/IP to the post office’s POA). If the GWIA is using a direct link to the post 
office directory rather than a client/server link to the post office’s POA, the GWIA must communicate 
directly with the LDAP server rather communicate through the POA. 


The following switches are used to provide the GWIA with the required LDAP server information: 


--ldapipaddr 
--Idapport 
--Idapssl 
--Idapuser 
--Idappwd 


--Idapipaddr 

Specifies the IP address of the LDAP server through which GroupWise authentication takes place. 
Syntax: --Idapipaddr address 

Example: --ldapipaddr 172.16.5.18 
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--Idapport 


Specifies the port number being used by the LDAP server. The standard non-SSL LDAP port number 
is 389. The standard SSL LDAP port number is 636. 


Syntax: --Idapport number 


Example: --Idapport 389 


--Idapssi 


Instructs the GWIA to use a secure (SSL) connection with the LDAP server. 


Syntax: --ldapssl 


--Idapuser 


Specifies a user that has rights to the LDAP directory. The user must have at least Read rights. 
Syntax: --Idapuser user. name 


Example: --Idapuser ldap 


--Idappwd 


Specifies the password of the user specified by the --Idapuser switch. 
Syntax: --ldappwd password 
Example: --ldappwd pwd1 


LDAP Query Switches 


The GWIA can function as an LDAP server, allowing LDAP queries for GroupWise user information 
contained in the directory. The following switches configure the GWIA as an LDAP server. 


--ldap 

--Idapthrd 
--Idapentxt 
--Idaprefurl 
--Idaprefcntxt 
--Idapserverport 
--Idapserversslport 


--Idap 


Enables the GWIA as an LDAP server. 


Syntax: --Idap 
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--Idapthrd 


Specifies the maximum number of threads the GWIA can use for processing LDAP gueries. The 
default is 10. 


Syntax: --Idapthrd number 
Example: --Idapthrd 5 


--Idapentxt 


Limits the directory context in which the LDAP server searches. For example, you could limit LDAP 
searches to a single Novell organization container located under the United States country container. 


If you restrict the LDAP context, you must make sure that users, when defining the directory in their 
email client, enter the same context (using the identical text you did) in the Search Base or Search 
Root field. 


Syntax: --Idapentxt "context" 


Example: --Idapcntxt "O=Novell,C=US" 


--Idaprefurl 


Defines a secondary LDAP server to which you can refer an LDAP guery if the guery fails to find a 
user or address in your GroupWise system. For this option to work, the reguesting Web browser 
must be able to track referral URLs. 


Syntax: --Idaprefurl url 
Example: --Idapurl Idap://Idap.provider.com 


--Idaprefcntxt 


Limits the directory context in which the secondary (referral) LDAP server searches. 
Syntax: --Idaprefcntxt "context" 


Example: --Idaprefcntxt "O=Novell,C=US" 


--Idapserverport 


Changes the LDAP listen port from the default of 389. 
Syntax: --Idapserverport port. number 


Example: --Idapserverport 390 


--Idapserversslport 
Changes the LDAP SSL listen port from the default of 636. 
Syntax: --Idapserversslport port number 


Example: --Idapserverssiport 637 
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Log File Switches 


The following switches control how the GWIA uses the log file. The log file keeps a record of all 
GWIA activity. See Section 56.6, “Using GWIA Log Files,” on page 833. 


--loglevel 
--logmax 


--log 


The default location for GWIA log files varies by platform: 


Linux: /var/log/novell/groupwise/domain name.gwia 

Windows domain\wpgate\gwia\000.pre 

The log files are named after the month, day, and log number for that date (mnddgwia . nn).You can 
use the --log switch to redirect the log files to a different location. 

Syntax: --log-log file directory 

Linux Example: --log /opt/novell/groupwise/agents/log 


Windows Example: --log-c:\log\ gwia 


--logdays 


By default, log files are deleted after 30 days. This switch overrides the default setting. The range is 
from 1 to 360 days. 


Syntax: --logdays days 
Example: --logdays 5 


--loglevel 


Defines the amount of information to record in log files. 
The values are: 

+ Diagnostic 

+ Verbose 


+ Normal (Default) 
+ Off 


Syntax: --loglevel level 


Example: --loglevel verbose 
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59.12.4 --logmax 


Controls the maximum amount of disk space for all log files. The amount of disk space each log file 
consumes is added together to determine the total amount of disk space used. When the limit is 
reached, the GWIA deletes the existing log files, starting with the oldest one. The default is 102400 
(100 MB). The maximum allowable setting is 102400000 (1 GB). Specify 0 (zero) for unlimited disk 
space. 


Syntax: --logmax KB 
Example: --logmax 512 


Using GWIA Startup Switches 891 


892 GroupWise 2012 Administration Guide 


XI | | WebAccess 


* Chapter 60, “Accessing Your GroupWise Mailbox in a Web-Based Environment,” on page 895 
* Chapter 61, “Scaling Your GroupWise WebAccess Installation,” on page 899 

* Chapter 62, “Configuring the WebAccess Application,” on page 903 

* Chapter 63, “Monitoring the WebAccess Application,” on page 917 


For a complete list of port numbers used by the WebAccess Application, see Section A.7, “WebAccess 
Application Port Numbers,” on page 1172. 


For detailed Linux-specific WebAccess Application information, see Appendix C, “Linux 
Commands, Directories, and Files for GroupWise Administration,” on page 1179. 


For additional assistance in managing the WebAccess Application, see GroupWise Best Practices 
(http://wiki.novell.com/index.php/GroupWise). 


WebAccess 893 
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Accessing Your GroupWise Mailbox in a 
Web-Based Environment 


GroupWise WebAccess consists of the WebAccess Application, which is installed to your Web server, 
and the WebAccess user interface, where users work in their GroupWise mailboxes. WebAccess 
offers three different Web-based environments for users. All three environments are made available 
when you install the WebAccess Application. 


+ Section 60.1, “Using WebAccess on a Desktop Workstation,” on page 895 
+ Section 60.2, “Using WebAccess on a Tablet Device,” on page 896 
+ Section 60.3, “Using the WebAccess Basic Interface on a Mobile Device,” on page 897 


60.1 Using WebAccess on a Desktop Workstation 


1 To access GroupWise WebAccess in a desktop browser, use the following URL: 
http://web_server_address/gw/webacc 


Replace web_server_address with the IP address or DNS hostname of your Web server. If the Web 
server uses SSL, use https rather than http. 


Username 


2 Type your GroupWise user ID in the Username box and your GroupWise mailbox password in 
the Password box. 
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3 (Optional) If you are in a secure location, select This is a private computer. 


On a private computer in a secure location, the default WebAccess timeout is 480 minutes (8 
hours), which is convenient for day-long use. On a public or shared computer, the default 
timeout is 20 minutes, which protects your personal data. You can change these settings, as 
described in Section 62.2.1, “Setting the Timeout Interval for Inactive Sessions,” on page 907. 


4 (Optional) To change the WebAccess interface language, click Options, then select the language 
you want from the Language drop-down list. 


5 Click Login to display the GroupWise WebAccess main window. 
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Mc 2 Marie Barnard Conference number 8/23/11 2:21 PM 2 KB 
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Br nett Marie Barnard Please forward along to your teams 8/12/11 2:00 PM 2KB 
| Frequent Contacts 
M Taskiist mea Marie Barnard Fwd: Meeting 8/8/11 11:39 AM 2KB 
M Tasklis 


E Work in Progress 


E cabinet 
Ü trash 


6 Click Help for more information about using GroupWise WebAccess. 


60.2 Using WebAccess on a Tablet Device 


1 To access GroupWise WebAccess on your Apple iPad, use the following URL: 
http://web_server_address/gw/webacc 


Replace web_server_address with the IP address or DNS hostname of your Web server. If the Web 
server uses SSL, use https rather than http. The WebAccess Application detects that it is 
communicating with a tablet device and provides the WebAccess Mobile interface. 
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Settings » 


or 
(Conditional) If you have a tablet device that is not yet supported, but you want to see how well 
the mobile interface works on your device, use the following URL: 


http://web server address/gw/webacc?User.interface=mobile 


2 Type your GroupWise user ID inthe Username box and your GroupWise mailbox password in 
the Password box. 


3 (Optional) To change the WebAccess interface language, click Settings, then select the language 
you want from the Language drop-down list. 


4. Click Login to display the GroupWise WebAccess main window on your iPad. 


Move Groupe (Mare Barnard) 


5 Click More > Help for more information about using Group Wise WebAccess on your iPad. 


60.3 Using the WebAccess Basic Interface on a Mobile Device 


1 To access GroupWise WebAccess in the Web browser on your mobile device such as a cell 
phone, use the following URL: 
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http://web server address/gw/webacc 


Replace web server. address with the IP address or DNS hostname of your Web server. If the Web 
server uses SSL, use https rather than http. The WebAccess Application detects that it is 
communicating with a mobile device such as a cell phone and provides the WebAccess basic 
interface. 


Enter your GroupWise user ID and GroupWise mailbox ID. 


The appearance of the WebAccess basic interface varies, depending on the size of the screen 
where itis displayed. 


Novell GroupWise 


«Mailbox (Æ Compose 
BEoders @jAddress Book 
ElCalendar |") Documents 
J-Eind M Options 

È Exit 


About Novell GroupWise 


For more information about using WebAccess on your mobile device, see the WebAccess Basic 
Interface Quick Start (http://www.novell.com/documentation/groupwise2012/pdfdoc/ 
gw2012 gs webaccbasic/gw2012 gs webaccbasic.pdf). 


Follow the instructions in your mobile device's documentation to add this URL to your Favorites 
or Bookmarks so you don't need to type the URL every time you log in on your mobile device. 


As an alternative to this limited interface, you can synchronize GroupWise data to your mobile 
device using the Novell Data Synchronizer Mobility Pack. For more information, see the Novell Data 
Synchronizer Documentation Web site (http://www.novell.com/documentation/datasynchronizer1). 
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Scaling Your GroupWise WebAccess 
Installation 


If your GroupWise system is relatively small (one domain and a few post offices) and all post offices 
reside in the same location, installing the GroupWise WebAccess Application on one Web server 
might meet your needs. However, if your GroupWise system is large, spans multiple locations, or 
reguires failover support, you might need to install the WebAccess Application on multiple Web 
servers to meet the reliability, performance, and availability needs of your GroupWise WebAccess 
users. 


The following sections provide information about the various configurations you can implement and 
instructions to help you create the configuration you choose: 

+ Section 61.1, “WebAccess Configurations,” on page 899 

+ Section 61.2, “WebAccess Installation on Additional Web Servers,” on page 901 


For information about installing the initial instance of the WebAccess Application, see “Installing 
GroupWise WebAccess” in the GroupWise 2012 Installation Guide. 


61.1 WebAccess Configurations 


Depending on the needs of your GroupWise system, it might be necessary for you to have multiple 
Web servers running the WebAccess Application. 

+ Section 61.1.1, “Basic WebAccess Application Installation,” on page 899 

+ Section 61.1.2, “Multiple POAs for a WebAccess Application,” on page 900 

+ Section 61.1.3, “Multiple DVAs for a WebAccess Application,” on page 900 


+ Section 61.1.4, “Multiple WebAccess Applications and Web Servers for a Large WebAccess 
Installation,” on page 900 


61.1.1 Basic WebAccess Application Installation 


A basic installation of GroupWise WebAccess requires the WebAccess Application, a POA, and a 
DVA, as shown in the following diagram. 


Post Document 
WebAccess Office Viewer 
Application Agent Agent 
= à = 
Web Web | 
Browser Server 
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61.1.2 


61.1.3 


61.1.4 


Multiple POAs for a WebAccess Application 


When you install the WebAccess Application, you configure it to communicate with a single POA. 
However, in this simple configuration, if that POA goes down, WebAccess users cannot access their 
mailboxes, even if all other the POAs in your GroupWise system are still running. Configuring the 
WebAccess Application for multiple POAs provides more stable access. Three POAs are 
recommended, but there is no limit to the number of POAs that you can configure the WebAccess 
Application to communicate with. When a POA stops responding, the WebAccess Application 
contacts the next POA in the list to provide uninterrupted access (except, of course, for the users 
whose mailboxes are in the post office where the POA is down). 

Post 
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Multiple DVAs for a WebAccess Application 


When you install the WebAccess Application, you configure it to communicate with a single DVA. 
Again, inthis simple configuration, if that DVA goes down, no WebAccess users can view attached 
documents until that DVA is running again. Configuring the WebAccess Application for multiple 
DVAs provides more reliable document conversion. Three DVAs are recommended, but there is no 
limit to the number of DVAs that you can configure the WebAccess Application to communicate 
with. When a DVA stops responding, the WebAccess Application contacts the next DVA in the list to 
provide uninterrupted document conversion. 
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Multiple WebAccess Applications and Web Servers for a Large 
WebAccess Installation 


In a larger GroupWise system, you can install the WebAccess Application to multiple Web servers. 


900 GroupWise 2012 Administration Guide 


61.2 


Q 


Firewall 


Post Document 
WebAccess Office Viewer 
Application Agent Agent 
(9 | 
= N 4 à 
| SS web t jj 
Web N Server 
Browser NS 
3S 
RS Post Document 
NS WebAccess Office Viewer 
Y Application Agent Agent 
LE Sat 
(i = 7" Æ 
=, > LS cm = — Jj <> > 
N 5 
Web à 
Browser Reverse t 
Internet Proxy 
Server 
Document 
WebAccess Office Viewer 
Application Agent Agent 


© 


Web 
Browser 


There are various reasons why you might want to add additional WebAccess Applications, 
including: 


+ 


Improving WebAccess reliability: One WebAccess Application might provide sufficient access 
and performance, but you want to protect against downtime that would occur if the WebAccess 
Application became unavailable because of Web server failure or some other reason. Installing 
more than one WebAccess Application enables you to set up failover support to make your 
system more reliable. 


Improving WebAccess performance: The WebAccess Application is designed to be close to 
GroupWise post offices. It requires SOAP access to the POAs. For best performance, you should 
ensure that the WebAccess Application is on the same local area network as the POA that it 
communicates with. For example, in most cases you do not want a WebAccess Application in 
Los Angeles communicating with a POA in London. 


Improving WebAccess availability: Adding additional WebAccess Applications enables 
GroupWise WebAccess users on an intranet to access GroupWise through an internal Web 
server and WebAccess users on the Internet to access GroupWise through an exposed Web 
server. 

Improving Web server performance: Adding additional WebAccess Applications increases 


Web server performance by balancing the workload among several Web servers, especially if 
you are using the Web server for other purposes in addition to GroupWise WebAccess. 


WebAccess Installation on Additional Web Servers 


On each Web server where you want to install the WebAccess Application, follow the instructions in 
“Installing GroupWise WebAccess” in the GroupWise 2012 Installation Guide. 


When you have multiple WebAccess Applications for your GroupWise system, you must select one 
Web server to have a friendly hostname such as gwmail . yourcompanyname . com that users can type 
in their Web browsers. Then you set up a DNS redirection so that gwmail . yourcompanyname.com 
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automatically redirects to https: //gwmail . yourcompanyname.com/gw/webacc. The WebAccess 
Application on that main Web server communicates with a POA, which then redirects the WebAccess 
user to the proper post office and POA for mailbox access. 
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62.1 


Configuring the WebAccess Application 


For WebAccess system reguirements, see “WebAccess System Reguirements” in the GroupWise 2012 
Installation Guide. For detailed instructions about installing and setting up the WebAccess Application 
for the first time, see “Installing Group Wise WebAccess” in the GroupWise 2012 Installation Guide. 


The default configuration of WebAccess is adeguate for users to start accessing their GroupWise 
mailboxes from Web browsers. You can customize the WebAccess configuration to meet the specific 
needs of you and your GroupWise users by editing the webacc.cfg file. 


+ Section 62.1, “Customizing the Configuring Multiple POAs for the WebAccess Application 
WebAccess Application,” on page 903 Configuring Multiple DVAs for the WebAccess Application 
Adjusting Session Security 
Accommodating Single Sign-On Products 


+ Section 62.2, “Managing User Access,” on Setting the Timeout Interval for Inactive Sessions 
page 907 Customizing Auto-Save Functionality 


Preventing Users from Changing Their GroupWise 
Passwords in WebAccess 


Helping Users Who Forget Their GroupWise Passwords 
Controlling WebAccess Usage 


+ Section 62.3, “Customizing User Customizing the WebAccess User Interface with Your 
Functionality,” on page 911 Company Logo 
Controlling Viewable Attachment Types 
Controlling Viewable Attachment Size 
Customizing the Default Calendar View 
Customizing the Default List Functionality 
Enabling an LDAP Address Book 


Customizing the WebAccess Application 


The WebAccess Application, which resides on the Web server, provides the GroupWise WebAccess 
user interface. As users perform actions in GroupWise WebAccess, the WebAccess Application 
passes information between the Web browser, the POA, and the DVA. 


During installation, the WebAccess Application is set up with a default configuration in the 
webacc .cfg file. You can modify the WebAccess Application configuration to meet the needs of your 
WebAccess users and your administrator preferences. 

+ Section 62.1.1, “Editing the webacc.cfg File,” on page 904 

+ Section 62.1.2, “Configuring Multiple POAs for the WebAccess Application,” on page 904 

+ Section 62.1.3, “Configuring Multiple DVAs for the WebAccess Application,” on page 905 

+ Section 62.1.4, “Adjusting Session Security,” on page 905 
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62.1.1 


62.1.2 


+ Section 62.1.5, “Accommodating Single Sign-On Products,” on page 906 
+ Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906 


Editing the webacc.cfg File 
The location of the webacc.cfg file varies by platform: 


Linux: /var/opt/novell/groupwise/webaccess 


Windows: c:\Novell\GroupWise\webaccess 


You can use any ASCII text edit that you prefer to edit the webacc. cfg file. 


IMPORTANT: We strongly recommend that you do not modify any settings that are not 
documented in the following sections. 


Configuring Multiple POAs for the WebAccess Application 


When you install the WebAccess Application, you configure it to communicate with a single POA. 
After installation, you can configure the WebAccess Application to communicate with multiple 
POAs. There is no limit to the number of POAs you can specify. Three POAs is recommended. The 
POAs you specify must be configured for SOAP. 


If the POA that the WebAccess Application is communicating with becomes unavailable, the 
WebAccess Application contacts the next POA in the list, providing uninterrupted service for 
WebAccess users. 


To specify additional POAs: 


1 Open the webacc.cfg file in a text editor. 


2 Search to find the following lines: 


Provider.SOAP.1.ip= 
Provider.SOAP.1.port= 


These lines identify the POA that you specified during installation. 
3 Copy and paste those two lines, replace 1 with 2, then specify the IP address and SOAP port of a 
another POA, for example: 


Provider.SOAP.2.ip=172.16.5.18 
Provider.SOAP.2.port=7191 


4 Repeat Step 3, incrementing the number, and providing the IP addresses and SOAP ports for 
additional POAs as needed. 


5 Save the webacc.cfg file. 


6 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 
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62.1.4 


Configuring Multiple DVAs for the WebAccess Application 


When you install the WebAccess Application, you configure it to communicate with a single DVA. 
After installation, you can configure the WebAccess Application to communicate with multiple 
DVAs. There is no limit to the number of DVAs you can specify. Three DVAs is recommended. 


If the DVA that the WebAccess Application is communicating with becomes unavailable, the 
WebAccess Application contacts the next DVA inthe list, providing uninterrupted document 
conversion for viewing attachments in HTML format. 


To specify additional POAs: 


1 Openthe webacc.cfgfile in a text editor. 
2 Search to find the following lines: 


Provider.DVA.1.ip= 
Provider.DVA.1.port= 


These lines identify the DVA that you specified during installation. 
3 Copy and paste those two lines, replace 1 with 2, then specify the IP address and SOAP port of a 
another DVA, for example: 


Provider.DVA.2.ip=172.17.5.18 
Provider.DVA.2.port=8301 


4 Repeat Step 3, incrementing the number, and providing the IP addresses and SOAP ports for 
additional DVAs as needed. 


5 Save the webacc.cfg file. 


6 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Adjusting Session Security 


By default, the WebAccess Application uses the Web browser IP address of the WebAccess user to 
confirm that, during the same session, it is always communicating with the same user. This is the 
highest form of security and works well for users on desktop workstations. However, for laptops and 
mobile devices that are carried to different places, possibly from one network segment to another, 
this level of security can cause interruptions in user sessions. 


Other WebAccess Application security features, such as session cookies, provide excellent security, 
even without the IP address checking. If you have a large number of mobile WebAccess users, you 
can turn off the Web browser IP address confirmation to make WebAccess more stable for these 
mobile users. 


To disable IP address checking: 
1 Open the webacc.cfg file in a text editor. 
2 Search to find the following line: 
Security.UseClientIP.enable= 


3 Change true to false. 
4 Save the webacc.cfg file. 
5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 
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62.1.6 


Accommodating Single Sign-On Products 


Some organizations choose to place a single sign-on product such as Novell Identity Manager (IDM) 
(http://www.novell.com/products/identitymanager) between users on the Web and the applications 
they access that are running behind the organization's firewall. If you use a single sign-on product 
with WebAccess, you must configure the WebAccess Application to accommodate the single sign-on 
product. 

1 Openthe webacc.cfgfile in a text editor. 


2 Search to find the following line: 
#Cookie.domain=.novell.com 


3 Remove the pound sign (#) to activate the setting. 


4 Replace .novell.com with the part of your organization's Internet domain name that is 
common between the single sign-on product and the Web server where the WebAccess 
Application is installed. 


For example, if the IDM server is at idm. novell .com and the WebAccess Application is at 
webacc.novell.com, the domain name used to create cookies would be .novell.com, so that 
the cookies are accepted by both servers. 


5 Save the webacc.cfg file. 
6 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Putting WebAccess Configuration Changes into Effect 


+ “Accepting the Default Time Interval” on page 906 
+ “Changing the Default Time Interval” on page 906 
+ “Immediately Putting the Configuration Changes into Effect” on page 907 


Accepting the Default Time Interval 


By default, the WebAccess Application checks the webacc . cfg file and the gwac.xm1 file for changes 
every 10 minutes. When it finds changes, it puts the changes into effect without restarting Tomcat. If 
you are satisfied with having your changes put into effect within this time interval, no action is 
required on your part after you edit the webacc.cfg file or the gwac.xml file. 


Changing the Default Time Interval 


You can change the time interval at which the WebAccess Application checks the webacc . cfg file and 
the gwac.xml file for changes. 


1 Openthe webacc.cfgfile in a text editor. 
2 Search to find the following line: 
Config.Update.check=10 


3 Change 10 to the number of minutes you want the WebAccess Application to wait before 
checking for changes to its configuration file. 


4 Save the webacc.cfg file. 
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62.2.1 


Immediately Putting the Configuration Changes into Effect 


You can also manually restart Tomcat in order to put the changes into effect immediately. 
OES 11: rcnovell-tomcat6 stop 
rcnovell-tomcat6 start 


OES 2 Linux: rcnovell-tomcat5 stop 
rcnovell-tomcat5 start 


SLES 11: rctomcat6 stop 
rctomcat6 start 


SLES 10: rctomcat5 stop 
rctomcat5 start 


Windows: 1. At the Windows server, click Start > Administrative Tools > Services. 


2. Right-click Tomcat 6, then click Restart. 


Managing User Access 


You can manage various aspects of GroupWise WebAccess user sessions. 


+ Section 62.2.1, “Setting the Timeout Interval for Inactive Sessions,” on page 907 


+ Section 62.2.2, “Customizing Auto-Save Functionality,” on page 908 


à 


+ Section 62.2.3, “Preventing Users from Changing Their GroupWise Passwords in WebAccess,’ 
on page 908 


+ Section 62.2.4, “Helping Users Who Forget Their GroupWise Passwords,” on page 909 
+ Section 62.2.5, “Controlling WebAccess Usage,” on page 909 


Setting the Timeout Interval for Inactive Sessions 


Users are eventually logged out of GroupWise WebAccess if they have not performed any actions 
that generate requests. Actions such as opening or sending a message generate requests. Other 
actions, such as scrolling through the Item List, composing a mail message without sending it, and 
reading Help topics, do not generate requests. 


The timeout interval depends on whether the user selects This is a public or shared computer or This is a 
private computer in the Login window. On a private computer in a secure location, the default 
WebAccess timeout is 480 minutes (8 hours), which is convenient for day-long use. On a public or 
shared computer, the default timeout is 20 minutes, which protects your personal data. The timeout 
interval provides security for GroupWise WebAccess users who forget to log out. It also helps the 
performance of the Web server by freeing the resources dedicated to that user's connection. 


The WebAccess Application on the Web server controls the timeout. At the time the user is logged 
out, the WebAccess Application saves the user's current session to a directory on the Web server, 
where it is stored for 24 hours. If the logged-out user attempts to continue the session, he or she is 
prompted to log in again, after which the WebAccess Application renews the session. For example, 
suppose a user is composing a message when the timeout interval expires and then attempts to send 
the message. The user is prompted to log in again, after which the message is sent. No information is 
lost. 


To adjust the timeout interval: 


1 Openthe webacc.cfgfile in a text editor. 
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62.2.3 


2 Tochange the timeout interval for use on a public or shared computer, search to find the 
following line: 
Security.timeout=20 


3 Changethe default of 20 to the number of minutes that you prefer for the public/shared timeout 
interval. 


4 To change the timeout interval for use on a private computer, search to find the following line: 


Security.Private.timeout=480 


5 Changethe default of 480 to the number of minutes that you prefer for the private timeout 
interval. 


6 Save the webacc.cfg file. 

7 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 
The timeout interval applies to all users who log in through the Web server where the WebAccess 
Application is running. You cannot set individual user timeout intervals. However, if you have 


multiple Web servers, you can set different timeout intervals for the Web servers by completing the 
above steps for each server’s WebAccess Application. 


Customizing Auto-Save Functionality 


By default, GroupWise WebAccess automatically saves users’ work on a regular basis, so that if a 
problem with a Web server occurs or the user times out, their work is not lost. For details about the 
Auto-Save feature, see “Saving Unfinished Email” in “Email” in the GroupWise 2012 WebAccess User 
Guide. 


Increasing the settings so that users’ work is saved less frequently reduces the load on the Web server 
but increases the amount of work that users could potentially lose. Reducing the settings so that 
users’ work is saved more frequently increases the load on the Web server, but reduces the amount of 
work that users could potentially lose. 


To adjust the Auto-Save intervals: 


1 Open the webacc.cfg file in a text editor. 
2 Search to find the Auto Save section. 


3 For the Autosave .NonUse.timer setting, increase or decrease the number of seconds after 
which the content is saved if there have been no modifications since the last save. 


The default non-use interval is 10 seconds. Specify 0 (zero) to turn off this functionality. 


4 For the Autosave .Use.timer setting, increase or decrease the number of seconds after which 
the content is saved even when users are actively composing content. 


The default is 60 seconds. Specify 0 (zero) to turn off this functionality. 
5 Save the webacc.cfg file. 
6 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Preventing Users from Changing Their GroupWise Passwords in 
WebAccess 
By default, users are allowed to change their GroupWise passwords in WebAccess. You can prevent 


them from doing so if you prefer that users change their passwords in some other way, for example if 
you are using an LDAP directory for authentication. 


908 GroupWise 2012 Administration Guide 


62.2.4 
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To adjust password security: 


1 Openthe webacc.cfgfile in a text editor. 

2 Search to find the following line: 
User.Access.security 

3 Change true to false. 


4 Save the webacc.cfg file. 
5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Helping Users Who Forget Their GroupWise Passwords 


The GroupWise WebAccess Login page provides a Can't log in link for users to click when they have 
forgotten their GroupWise passwords. By default, the link displays the following file: 
/var/opt/novell/tomcat5/webapps/gw/webaccess/yyyymmddnnnn/images/helpdesk.htm 


The variable yyyymmddnnnn represents the year, month, day, and build number of the WebAccess 
software that you have installed. 


You can use your HTML editor of choice to customize the contents of this file. For example, you 
might want to include the email address of the local GroupWise administrator who handles 
password issues, or perhaps the URL of your company's Help Desk Web page. 


As an alternative, you can configure the WebAccess Application to display any URL of your 
choosing. 

1 Open the webacc.cfg file in a text editor. 

2 Search to find the following line: 


#Helpdesk.url=http://www.novell.com/helpdesk.html 


3 Remove the pound sign (#) to activate the setting. 


4 Replace the sample URL with wherever you want users to be directed when they have forgotten 
their GroupWise passwords. 


5 Save the webacc.cfg file. 
6 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Controlling WebAccess Usage 


You can control which users can use WebAccess to access their GroupWise mailboxes. By default, all 
GroupWise users can use WebAccess. 


You can control access based on the domain or post office where the user's mailbox is located. You 
can control access for groups of users based on distribution lists, and you can control access for 
individual users. 
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Access control is established through the gwac.xm1 file, located in the same directory with the 
webacc .cfg file. 


The default gwac .xm1 file illustrates the following options: 


<!-- To allow access to all EXCEPT a few, use this technigue. --> 
<!-- 
<gwac access="prevent"> 
<domain name="domainl" /> 
<postoffice name="po2.domain2" /> 
<user name="jdoe.po3.domain3" /> 
<distributionList name="helpdesk.po4.domain4" /> 
<resource name="confroom.po4.domain4" /> 
< /gwac> 


== 


<!-- To prevent access to all EXCEPT a few, use this technigue --> 
<l-- 

<gwac access="allow"> 

<domain name="domaini" /> 

<postoffice name="po2.domain2" /> 

<user name="jdoe.po3.domain3" /> 

<distributionList name="helpdesk.po4.domain4" /> 

<resource name="confroom.po4.domain4" /> 
< /gwac> 


= 


You can use any ASCII text editor that you prefer to edit the gwac.xml file. 


1 


Open the gwac.xml file in a text editor. 


Typically, you use the gwac.xm1 file to override the default of allowing all users to use 
WebAccess. 


(Optional) Under the <gwac access="prevent"> line, create one or more lines to prevent users 
in one or more domains from using WebAccess, for example: 


<domain name="provo5"/> 
<domain name="provo6"/> 


(Optional) Create one or more lines to prevent users in one or more post offices from using 
WebAccess, for example: 


<postoffice name="interns.provol"/> 
<postoffice name="temps.provol"/> 


Specify the post office in post office.domain format. 


(Optional) Create one or more lines to prevent users in one or more distribution lists from using 
WebAccess, for example: 


<distributionList name="webaccessdenied.admin.provo1"/> 


Specify the distribution list in distribution list.post office. domain format. 


Using one or more distribution lists is the most flexible approach to access control for 
WebAccess. The distribution list belongs to a specific post office (for example, the one you 
belong to), but it can include GroupWise users located anywhere in your GroupWise system. By 
using a distribution list, you can easily modify access control for specific users by modifying the 
distribution list in ConsoleOne, rather than needed to modify the gwac . xm1 file whenever access 
control changes are needed. For more information about distribution lists, see Chapter 18, 
“Creating and Managing Distribution Lists,” on page 285. 
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62.3 


62.3.1 


5 (Optional) Create one or more lines to prevent specific users from using WebAccess, for 
example: 


<user name="sjones.interns.provol"/> 
<user name="gbock.interns.provol"/> 


6 (Conditional) If you want to prevent most users and allow only specified users, use a <gwac 
access="allow"> line instead of a <gwac access="prevent "> line. 


7 Save the gwac.xml file. 


8 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Customizing User Functionality 


You can control the functionality of certain aspects of the GroupWise WebAccess user interface. Any 
changes you make take effect the next time users log in to WebAccess. 


+ Section 62.3.1, “Customizing the WebAccess User Interface with Your Company Logo,” on 
page 911 

+ Section 62.3.2, “Controlling Viewable Attachment Types,” on page 912 

+ Section 62.3.3, “Controlling Viewable Attachment Size,” on page 913 

+ Section 62.3.4, “Customizing the Default Calendar View,” on page 913 

+ Section 62.3.5, “Customizing the Default List Functionality,” on page 915 

+ Section 62.3.6, “Enabling an LDAP Address Book,” on page 916 


Customizing the WebAccess User Interface with Your Company Logo 


You can customize the WebAccess user interface to display your company logo. In the WebAccess 
Login window, you can replace the GroupWise envelope icon and the words “Novell GroupWise” in 
the upper left corner. In the main WebAccess window, you can replace the words “Novell 
GroupWise” in the menu bar. 


The logo size for the WebAccess Login window must not exceed 215 pixels in width by 120 pixels in 
height. 


The logo size for the upper left corner of the main WebAccess window must not exceed 220 pixels in 
width by 40 pixels in height. 
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Interface customizations are established through the customization.cfg file, which is located in the 
same directory as the webacc . cfg file. 


1 Make sure that you have company logo images that approximately match the size and shape of 
the Novell logos that you are replacing. 


2 Copythe logo image files to a location on your Web server where they can be displayed by 
specifying a URL. 


The logo image files must reside on the same server with the WebAccess Application that you 
are configuring. You can put them in a subdirectory under your Web server's document root 
directory. 


3 Open the customization.cfg file in a text editor. 
4 Specify the logo image to use in the WebAccess Login window: 
4a Uncomment the following line: 
Company.Logo.Login.src= 
4b Replace the sample URL with the URL for the company logo file for the Login window. 
4c Replace the sample mouse-over text with the mouse-over text for your company logo. 
5 Specify the logo image to use in the main WebAccess window: 


5a Uncomment the following line: 
Company .Logo.Caption.src= 


5b Replace the sample URL with the URL for the company logo file for the main WebAccess 
window. 


5c Replace the sample mouse-over text with the mouse-over text for your company logo. 
6 Save the customization.cfg file. 


7 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


62.3.2 Controlling Viewable Attachment Types 


By default, WebAccess allows users to view attachments in their native file formats for all file 
extensions except . rar (Roshall Archive, a compressed archive format) and .avi (Audio Visual 
Interleaf format). For all other file types, the View link is available in WebAccess. You can configure 
the WebAccess Application so that the View link is not available for additional file types. 


To add to the list of file types that WebAccess users cannot view in native file format: 
1 Open the webacc.cfg file in a text editor. 
2 Search to find the following line: 
Document . View. excludeDocExtensions= 


3 Add file extensions to the list, separating each file extension with a comma. 
Do not include periods on the file extensions or spaces between the file extensions. 
4 Save the webacc.cfg file. 


5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 
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62.3.3 Controlling Viewable Attachment Size 


By default, users can view allowable attachment types that are less than 1 MB is size. Increasing the 
maximum viewable attachment size increases the load on the Web server. Decreasing the maximum 
viewable attachment size decreases the load on the Web server. 


For allowable attachment types that do not exceed the size limit, the View link is available in 
WebAccess. For allowable attachment types that exceed the size limit, the View link is not available, 
and users must save the large attachments in order to view them. 


To adjust the viewable attachment size limit: 
1 Openthe webacc.cfgfile in a text editor. 
2 Searchto find the following line: 
Document .View.maxSize= 
3 Increase or decrease the size as needed. 
Specify the size in bytes. For example, 1024000 is 1 MB. 
4 Save the webacc.cfg file. 


5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


62.3.4 Customizing the Default Calendar View 


By default, WebAccess displays the Week view of the calendar: 


Novell Mailbox Calendar Contacts Documents Logout 20%, 


gi Mail v Appointment [V] Task (2; Reminder Note = *A Proxy «© Find 
+ 


(e ie Today 4 | | Ti | > | E Print View 


MH © calendar Sun 23 | Mon24 | Tue25 Wed26  Thu27 | Fri28 | Sat29 
[¥] O Personal ai 
8:00 AM = 
9:00 AM 
10:00 AM 
11:00 AM 
* 12:00 PM 
1:00 PM 
«> «> 
2:00 PM 
s M T w T F 
3:00 PM 
2 3 4 5 6 7 
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a 
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You can change the default to the Day view. 
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Novell Mailbox Galendar Contacts Documents +. 


i Mail ~ © Appointment [V] Task [Ži Reminder Note = JA Proxy 42 Find 
fe He Today 4 > E Print View 
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E © Personal i 
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30 31 
Or you can change the default to the month view. 
Novell Mailbox Calendar Gontacts Documents +. 
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The default you select affects how the Calendar displays for GroupWise users to access their 
mailboxes through this instance of the WebAccess Application. 


To change the default Calendar view: 


1 Openthe webacc.cfgfile in a text editor. 
2 Searchto find the following line: 
User.Calendar.defaultView= 
3 Change Week to Day or Month. 
4 Save the webacc.cfg file. 
5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


62.3.5 Customizing the Default List Functionality 


By default, in lists of items, contacts, and Find results, GroupWise WebAccess users can Shift+click 
and Ctrl+click to select multiple items to perform an action on. 


Novell Mailbox Galendar Gontacts Documents +. 


ii Mail v © Appointment M Task [i Reminder Note KA Proxy T Folders Q Find 


6 Tabitha Hu Cc Ñ Delete (Accept [Decline [Complete  æs Mark Unread Mark Read i5 Categories 
(=) 
TES Name Subject Date w Size 
© Unopened items 
a Marie Barnard Coordination Meeting 9/9/11 5:35 PM 2KB 
& Sent tems 
Marie Barnard Conference number 8/23/11 2:21 PM 2 KB 
b Calendar 
= Marie Barnard Please forward along to your teams 8/12/11 2:00 PM 2 KB 
b Frequent Contacts 
1 Marie Barnard Fwd: Meetin 8/8/11 11:39 AM 2 KB 
M Tasklist ESA 9 


@ work in Progress 
& cabinet 
Ü trash 


Some Web-based interfaces use check boxes for multiple selection. This interface option is also 
available for GroupWise WebAccess. 


Novell Mailbox Galendar Contacts Documents #. 


@ Mail + © Appointment [Vi Task [Zi ReminderNote 2% Proxy "mj Folders 42 Find 


s @ Tabitha Hu Cc ti} Delete Accept [Decline [Complete gsm Mark Unread jääMarkRead JE Categories 
ja) 
I oD Name Subject Date w Size 
E Unopened Items = 
LJ a Marie Barnard Coordination Meeting 9/9/11 5:35 PM 2k 
& Sent tems 
Marie Barnard Conference number 8/23/11 2:21 PM 2k 
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=) Marie Barnard Please forward along to your teams 8/12/11 2:00 PM 2k 
b Frequent Contacts 
v Marie Barnard Fwd: Meetin 8/8/11 11:39 AM 2 
M Tasklist a = 8 i 


@ Work in Progress 
E Cabinet 
Lo] Trash 


To configure WebAccess to display check boxes: 


1 Open the webacc.cfg file in a text editor. 
2 Search to find the following line: 
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3 
4 
5 


List.Checkboxes.show= 
Change false to true. 
Save the webacc.cfg file. 


Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


62.3.6 Enabling an LDAP Address Book 


You can configure WebAccess to access an LDAP directory as if it is a GroupWise address book. 


916 


1 Open the webacc.cfg file in a text editor. 


oo R Ww N 


N 


Search to find the following line: 


User.Access.LDAP=false 

Change false to true to enable users to access an LDAP address book. 
Save the webacc .cfg file. 

Open the ldap.cfg file in a text editor. 


Replace the sample information in the läap.cžg file with the specific information for the LDAP 
directory that you want users to access as a Group Wise address book. 


Save the 1dap.cfg file. 


8 Follow the instructions in Section 62.1.6, “Putting WebAccess Configuration Changes into 


10 


12 


Effect,” on page 906. 
Verify that the LDAP directory is available as a GroupWise address book: 


Ga In WebAccess, open a new item. 


9b Click Address, then click the Plus icon 

9c Expand the list of address books, then select the LDAP address book. 
(Conditional) If the LDAP address book does not appear in the list: 
10a Check your modifications to the webacc.cfg file and 1dap. cfg file for errors. 
10b Check the WebAccess Application log file for error messages. 

For assistance, see Section 63.2, “Using WebAccess Application Log Files,” on page 918. 
10c Resolve the problem, so that the LDAP address book appears in the list of address books. 
Verify that the LDAP address book works as expected: 
1la Send a message to a recipient in the LDAP address book. 
11b Verify that the message was delivered successfully. 


Notify GroupWise users that the LDAP address book is available, and explain to them how to 
access it. 


The LDAP address book is available only in the Address Selector and only in WebAccess. It is 
not available in the GroupWise client. 
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63.1.1 


Monitoring the WebAccess Application 


The WebAccess Application can be monitored in your Web browser. You can also use log files to 
monitor the WebAccess Application. 

+ Section 63.1, “Using the WebAccess Application Web Console,” on page 917 

+ Section 63.2, “Using WebAccess Application Log Files,” on page 918 


Using the WebAccess Application Web Console 


The WebAccess Application includes a Web console that you can use to monitor it. The Web console 
lets you see information about logged-in users, such as their IP address, their Group Wise and Web 
browser versions. In addition, you can view the WebAccess Application's log files and configuration 
files. The WebAccess Application Web console is enabled by default. 


Enabling the WebAccess Application Web Console 


Open the webacc.cfg file in a text editor. 
Search to find the Application Administration Tool section. 


For the Admin.WebConsole.enable setting, change false to true. 


Bh WN PP 


For the Admin .WebConsole .username setting, specify the user name for accessing the 
WebAccess Application Web console. 


5 For the Admin.WebConsole. password setting, specify the password for accessing the 
WebAccess Application Web console. 


6 Save the webacc.cfg file. 
7 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


63.1.2 Using the WebAccess Application Web Console 


1 Ina Web browser, enter the following URL: 


http://server address/gw/webacc?action=Admin.Open 
Replace server address with the Web server's IP address or DNS hostname. 


2 When prompted, enter the user name and password. 
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63.2.1 


63.2.2 


The Web console is displayed. 
Novell GroupWise WebAccess Application Monday - December 5, 2011 20:09 


Status | Configuration | Log Files | Refresh | Help 


Up Time: 0 Days 5 Hours 58 Minutes 


User Information - 1 Active User(s) 
User Id Logged In Last Access Interface Domain Post Office Language Client IP 
mpalu@yourcompanyname.com 12/05/11 20:09 12/05/11 20:09 css Provo1 Development en 17215717 


Total Active Users: 1 


Using WebAccess Application Log Files 


Error messages and other information about WebAccess Application functioning are written to log 
files as well as displaying on the WebAccess Application server console (Windows only). Log files 
can provide a wealth of information for resolving problems with WebAccess Application functioning 
or message flow. Logging is enabled by default. 

+ Section 63.2.1, “Locating WebAccess Application Log Files,” on page 918 

+ Section 63.2.2, “Configuring WebAccess Application Log Settings,” on page 918 

+ Section 63.2.3, “Viewing WebAccess Application Log Files,” on page 919 

+ Section 63.24, “Interpreting WebAccess Application Log File Information,” on page 919 


Locating WebAccess Application Log Files 


By default, WebAccess Application log files (mnddwas . nnn) are located in the GroupWise Web 
application working directory. 


You can change the location where the WebAccess Application creates its log files, as described in 
Configuring WebAccess Application Log Settings. 


Configuring WebAccess Application Log Settings 


1 Open the webacc.cfg file in a text editor. 
2 Search to find the Logging Information section. 
3 Adjust the following log settings as needed: 


Log.maxSize: Specify the maximum amount of disk space you want to use for WebAccess 
Application log files. If the disk space limit is exceeded, the WebAccess Application deletes log 
files, beginning with the oldest file, until the limit is no longer exceeded. The default disk space 
is 102400 KB (100 MB). 


Log.maxAge: Specify the number of days you want to retain the log files. The WebAccess 
Application retains log files for the specified number of days unless the maximum disk space for 
the log files is exceeded. The default age is 30 days. 


Log.level: There are three log levels: 
+ Normal (default) Displays warnings and errors. 


+ Verbose: Displays the Normal log level information, plus information messages and user 
requests. 
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63.2.4 


+ Diagnostic: Displays all possible information. Use Diagnostic only if you are 
troubleshooting a problem with the WebAccess Application. 


The Verbose and Diagnostic log levels do not degrade WebAccess Application 
performance, but log files consume more disk space when Verbose or Diagnostic logging is 
in use. 


Log.path: Specify the file path where you would like the log files to be stored. For example: 
Log.path=C: /User/jdoe/logs 

4 Save the webacc.cfg file. 

5 Skip to Section 62.1.6, “Putting WebAccess Configuration Changes into Effect,” on page 906. 


Viewing WebAccess Application Log Files 


For the default location of the WebAccess Application log files, see Section 63.2.1, “Locating 
WebAccess Application Log Files,” on page 918. 


When logging is turned on, the WebAccess Application creates a new log file each day and each time 
it is restarted (as part of the Web server startup). Therefore, you find multiple log files in the log file 
directory. The first four characters represent the date (mmdd). The next three characters identify the 
WebAccess Application (waa). A three-digit extension allows for multiple log files created on the 
same day. For example, a log file named 0518waa.001 indicates that it is a WebAccess Application 
log file, created on May 18. 


For convenience, you can view WebAccess Application log files in the WebAccess Application Web 
console: 


Novell GroupWise WebAccess Application|Monday - December 5, 2011 20:26 


Status | Configuration | Log Files | Help 


1128WAS 004 11-28-11 19:20:48 OKB + 
1128WAS 005 11-28-11 19:22:16 OKB 
1128WAS 006 11-28-11 19:22:49 OKB 
1128WAS 007 11-28-11 19:23:10 OKB 


1201WAS 001 12-01-11 142100 OKB 
1201WAS 002 12-01-11 18:54:31 OKB 
1201WAS.003 12-01-11 18:57:04 OKB 
1201WAS.004 12-01-11 18:58:03 OKB 


1205WAS.001 12-05-11 14:05:55 OKB 
1205WAS 002 12-05-11 14:07:42 OKB 
1205WAS 003 12-05-11 20:09:32 OKB 


Interpreting WebAccess Application Log File Information 


In its log file, the WebAccess Application records user activity in GroupWise WebAccess, along with 
a time stamp showing when the activity took place. 
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Calendar Publishing Host 


+ Chapter 64, “Configuring the Calendar Publishing Host,” on page 923 
+ Chapter 65, “Monitoring Calendar Publishing,” on page 931 

+ Chapter 66, “Creating a Corporate Calendar Browse List,” on page 933 
+ Chapter 67, “Managing Your Calendar Publishing Host,” on page 935 


For a complete list of port numbers used by the Calendar Publishing Host, see Section A.8, “Calendar 
Publishing Host Port Numbers,” on page 1172. 
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64.1 


64.1.1 


Configuring the Calendar Publishing 
Host 


For Calendar Publishing Host system reguirements, see “Calendar Publishing Host System 
Reguirements” in the GroupWise 2012 Installation Guide. For detailed instructions about installing and 
setting up the GroupWise Calendar Publishing Host for the first time, see “Installing the GroupWise 
Calendar Publishing Host” in the GroupWise 2012 Installation Guide. 


The default configuration of the Calendar Publishing Host is adeguate to begin publishing calendars. 
As your GroupWise system grows and evolves, you might need to modify its configuration to meet 
the changing needs of the users it services. 


+ Section 64.1, “Using the Administration Web Changing Post Office Settings 
Console,” on page 923 Adjusting Log Settings 
Configuring LDAP Authentication 
Customizing the Calendar Publishing Host Logo 


+ Section 64.2, “Using the calhost.cfg File,” on Setting the Published Calendar Auto-Refresh Interval 
page 928 Setting the Default Published Calendar View 
Configuring an External POA IP Address 
Changing the SSL Trusted Root Certificate 


Using the Administration Web Console 


Some aspects of the Calendar Publishing Host can be configured using the Administration Web 
console. 

+ Section 64.1.1, “Logging In to the Administration Web Console,” on page 923 

+ Section 64.1.2, “Changing Post Office Settings,” on page 924 

+ Section 64.1.3, “Adjusting Log Settings,” on page 924 

+ Section 64.1.4, “Configuring LDAP Authentication,” on page 926 

+ Section 64.1.5, “Customizing the Calendar Publishing Host Logo,” on page 927 

+ Section 64.1.6, “Logging Out of the Administration Web Console,” on page 927 


Logging In to the Administration Web Console 


The Calendar Publishing Host Administration Web console is a browser-based administration tool 
that enables you to easily change the configuration of the Calendar Publishing Host. 


1 Display the Calendar Publishing Host Administration Web console login page: 
http://network_address/gwcal/admin 
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Novell Oct 6, 2011 (Thursday) Help 


Login 


2 Provide the administrative user and password you set up in “Setting Up a Calendar Publishing 
Host” in the GroupWise 2012 Installation Guide, then click Login. 


64.1.2 Changing Post Office Settings 


1 Log in to the Calendar Publishing Host Administration Web console. 


Novell Logout 


Post Office Settings 


Post Office 


Specify the IP address or DNS hostname of the Post Office that publishes calendars and free/busy 
schedules. The publishing host queries this post office for the other post offices that are also publishing 
Logging calendars and free/busy schedules. 


Authentication Post office TGP port: 
Specify the TCP port that the post office is listening on for publishing calendars and free/busy schedules. 


Customize 


The Post Office page provides the information that the Calendar Publishing Host needs in order 
to communicate with a POA to obtain calendar and free/busy information. The initial 
information was provided during installation, as described in “Configuring a POA for Calendar 
Publishing” in “Installing the GroupWise Calendar Publishing Host” in the GroupWise 2012 
Installation Guide. 


2 Change the post office settings as needed. 


Post office network address: Specify the IP address or DNS hostname of the POA that is 
configured for calendar publishing. 


Post office TCP port: Specify the calendar publishing port that the POA uses to communicate 
with the Calendar Publishing Host. 


3 If you make changes, click Save. 


64.13 Adjusting Log Settings 


1 Log in to the Calendar Publishing Host Administration Web console, then click Logging to define 
log settings for the Calendar Publishing Host: 
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Novell 


Enable logging 


Select this option to tum on logging for the Calendar Publishing Host 


Loggini 

ras Log te path 
Specify the path where the Calendar Publishing Host logs messages. 

Authentication 


AR (elm (ele mii (team) 102400 


ETES Specify in kilobytes the maximum size for log files. When the combined size of log files reaches this size, the 


oldest log files are deleted. 


Max Log File Age 


Enter the number of days for the maximum age for a log file. When the log files are this old, they are deleted 


Log level 


Select the level of detail that you want recorded in the lof file. 


Use Tomcat log file: JH 


Select this option to log information to the serviet containers log file in addition to the standard log file 


Logging is enabled by default. Default settings are provided for the rest of the fields. 
2 Change the Calendar Publishing Host log settings as needed: 
Enable Logging: Deselect this option to turn off Calendar Publishing Host logging. 
Log File Path: The default log file location is the GroupWise Web application working directory. 
Change the log file settings as needed: 


Max Size for Log Files: Specify in kilobytes the maximum size for log files. When the combined 
size of log files reaches this size the oldest log files are deleted. 


Max Log File Age: Specify the number of days for the maximum age for a log file. When a log 
file reaches this age, it is deleted. 


Log Level: Select the level of detail that you want recorded in the log file. 

Use Tomcat Log File: Select this option if you want the same information logged to the Tomcat 
log file as is logged to the Calendar Publish Host log file. The location of the Tomcat log file 
varies by platform: 


OES 11: /var/opt/novell/tomcat6/logs 


OES 2 Linux: /var/opt/novell/tomcat5/logs 


SLES 11: /usr/share/tomcat6/logs 
SLES 10: /srv/www/tomcat5/base/logs 
Windows: c:\novell\tomcat6\logs 


3 If you make changes, click Save. 
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64.1.4 Configuring LDAP Authentication 


926 


1 Log in to the Calendar Publishing Host Administration Web console, then click Authentication. 


Novell Logout 


Administrator LDAP Authentication Settings 


LDAP authorty network address 
Post Office 


Specify the IP address or DNS hosiname of the LDAP server to use when authenticating Calendar 
Publishing Host administrators 


Logging 
(427111 (=> dum] cn = {0}, ou =docdev,o=novell 
Authentication Specify a formatting string to create the full LDAP context for the authenticating object Use {0} in 
place of the object name. For example, a formatting string of is translated to 
En if admin is entered as the usemame on the login screen 


Specify the name of the LDAP attribute that must contain the required value in order to allow 
administrator access. 


ETES TETE cn =ca ipubadmingrp,ou=docdev,o=noveli 


Specify the value of the required LDAP attribute that must be present in order to allow administrator 
access. Separate multiple choices for values with the vertical bar 


| sae | Ren | 


The Authentication page provides the information that the Calendar Publishing Host needs in 
order to log into eDirectory. The Calendar Publishing Host uses LDAP authentication to log in. 
The initial information was provided during installation, as described in “Setting Up Calendar 
Publishing Administration” in “Installing the GroupWise Calendar Publishing Host” in the 
GroupWise 2012 Installation Guide. 


Change the authentication information as needed: 


LDAP Authority Network Address: Specify the IP address or DNS hostname of an LDAP 
server where users of the Calendar Publishing Host Administration Web console have accounts. 
Include the port number (typically 389 for non-secure connections and 636 for secure SSL 
connections). 


LDAP Context. Specify the context in which the User objects for Calendar Publishing Host 
administrators are located. The variable {0} represents whatever user name is provided on the 
Administration Web console login page. The User object for the administrator must be located in 
the specified context. By providing the context here, administrators do not need to provide the 
context when they log in to the Administration Web console. 


Required LDAP Attribute: By default, the Calendar Publishing Host checks users for 
membership in a specific group before it grants access to the Calendar Publishing Host 
Administration Web console. This default is typically appropriate. 


Required LDAP Value: If you retain the default LDAP attribute of groupMembership, specify 
the full context of the group to which Calendar Publishing Host administrator users must 
belong in order to log in to the Administration Web console. If you change the default LDAP 
attribute, specify the required value for that attribute. 


3 If you make changes, click Save. 
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64.1.6 


The SSL trusted root certificate that you supplied when you installed the Calendar Publishing Host 


cannot be changed from the Administration Web console. If you need to change the certificate 
information, see Section 64.2.5, “Changing the SSL Trusted Root Certificate,” on page 929. 


Customizing the Calendar Publishing Host Logo 


1 Logintothe Calendar Publishing Host Administration Web console, then click Customize to 


modify the appearance of the main browser page displayed by the Calendar Publishing Host. 


Novell Logout 


Customize Calendar List Heading 


Logo image: SE 
Post Office 

Specify the URL of the image to display in the top left comer of the list of published calendars. 
Loggi 

i Logo txt: JNA 

Specify the text that you want to appear to the left of the custom logo image. 

Authentication 
Logo text position: © Top @ middie @ Bottom 

Customize 


Select how you want the text positioned relative to the logo image. 


The Customize page enables you to use a different logo, perhaps your company logo, on the 


main Calendar Publishing Web page. 
2 Provided the information for your company logo: 
Logo Image: Specify the full path and file name of the customized image file. 


Logo Text: Specify the text to accompany the customized image. 


Logo Text Position: Select Top, Middle, or Bottom, based on the example displayed in the box 


below the field. 
3 Click Save. 


Logging Out of the Administration Web Console 


When you close the browser page, you are automatically logged out of the Calendar Publishing Host 


Web console. 


The Calendar Publishing Host checks its configuration file (calhost . cfg) every 10 minutes. 


Therefore, it can take up to 10 minutes for the changes you made in the Administration Web console 


to take effect in the functionality of the Calendar Publishing Host. 
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64.2 


64.2.1 


64.2.2 


Restarting Tomcat 


If you want your changes to take effect immediately, restart Tomcat: 
OES 11: rcnovell-tomcat6 stop 
rcnovell-tomcat6 start 


OES 2 Linux: rcnovell-tomcat5 stop 
rcnovell-tomcat5 start 


SLES 11: rctomcat6 stop 
rctomcat6 start 


SLES 10: rctomcat5 stop 
rctomcat5 start 


Windows: 1. At the Windows server, click Start > Administrative Tools > Services. 
2. Right-click Tomcat 6, then click Restart. 


Using the calhost.cfg File 


Some aspects of the Calendar Publishing Host cannot be configured in the Administration Web 
console, so you must manually edit the calhost .cfg file instead. 


+ Section 64.2.1, “Editing the calhost.cfg File,” on page 928 

+ Section 64.2.2, “Setting the Published Calendar Auto-Refresh Interval,” on page 928 
+ Section 64.2.3, “Setting the Default Published Calendar View,” on page 929 

+ Section 64.2.4, “Configuring an External POA IP Address,” on page 929 

+ Section 64.2.5, “Changing the SSL Trusted Root Certificate,” on page 929 

+ Section 64.2.6, “Restarting the Web Server,” on page 930 


Editing the calhost.cfg File 


You can use any ASCII text edit that you prefer to edit the calhost . cfg file. 


IMPORTANT: It is strongly recommended that you do not modify any settings that are not 
documented in the following sections. 


Setting the Published Calendar Auto-Refresh Interval 


By default, when users view a published calendar, the calendar view in the user’s browser is not 
refreshed while users are viewing the calendar. You can configure the Calendar Publishing Host to 
automatically refresh the information that displays in a published calendar. This is especially helpful 
when calendars for resources such as conference rooms are published and displayed outside of the 
rooms. 


1 Edit the calhost.cfg file. 
2 Find the line that starts with: 
Templates .Content .Refresh= 


3 Replace 0 (zero) with the number of seconds after which you want the Calendar Publishing Host 
to refresh the content of published calendars. 
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4 Save the calhost.cfgfile, then exit the text editor. 
5 Skip to Section 64.2.6, “Restarting the Web Server,” on page 930. 


64.2.3 Setting the Default Published Calendar View 


By default, published calendars are displayed in the Week view. A Day view and a Month view are 
also available. 

1 Edit the calhost.cfg file. 

2 Find the line that starts with: 


User .Calendar.defaultView= 


3 Replace Week with Day or Month as desired. 
4 Save the calhost.cfg file, then exit the text editor. 
5 Skip to Section 64.2.6, “Restarting the Web Server,” on page 930. 


64.2.4 Configuring an External POA IP Address 


If the POAs in your GroupWise system are configured to use an external IP address, as described in 
Section 36.3.1, “Securing Client/Server Access through an External Proxy Server,” on page 506, you 
can configure the Calendar Publishing Host to always communicate with the POAs in your 
GroupWise system through that same external IP address. 

1 Edit the calhost.cfg file. 


2 Find the line that starts with: 
po.1.Is.IPAddress.External= 


3 Replace 0 with 1 to enable this functionality. 
4 Add the following lines to the calhost .cfg file to define the external POA: 


po.1.IPAddress=ip address 
po.1.port=calendar publishing port 


4a Replace ip address with the external IP address used by the POAs in your GroupWise 
system. 


4b Replace calendar publishing port with the calendar publishing port number for the 
POAs. 


The default calendar publishing port number is 80. 
5 Save the calhost.cfgfile, then exit the text editor. 
6 Skip to Section 64.2.6, “Restarting the Web Server,” on page 930. 


64.2.5 Changing the SSL Trusted Root Certificate 


LDAP authentication using SSL was originally set up during installation, as described in 
“Configuring Authentication to the Administration Web Console” in “Installing the GroupWise 
Calendar Publishing Host” in the GroupWise 2012 Installation Guide. If you need to change the SSL 
trusted root certificate information, you can rerun the Calendar Publishing Host Installation program 
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and specify new information, as described in “Installing the Group Wise Calendar Publishing Host” 
in “Installation” in the GroupWise 2012 Installation Guide, or you can edit the calhost.cfg file, as 
described below. 

1 Edit the calhost.cfg file. 


2 Find the line that starts with: 
Admin.Ldap.trustedRoot= 


3 Specify the full path to the trusted root certificate file. 
4 Save the calhost.cfg file, then exit the text editor. 
5 Skip to Section 64.2.6, “Restarting the Web Server,” on page 930. 


64.2.6 Restarting the Web Server 


After you edit the calhost .cfg file, you must restart Apache and Tomcat in order to put the changes 
into effect. 


OES 11: rcnovell-tomcat6 stop 
rcapache2 stop 
rcapache2 start 
rcnovell-tomcat6 start 


OES 2 Linux: rcnovell-tomcat5 stop 
rcapache2 stop 
rcapache2 start 
rcnovell-tomcat5 start 


SLES 11: rctomcat6 stop 
rcapache2 stop 
rcapache2 start 
rctomcat6 start 
SLES 10: rctomcat5 stop 
rcapache2 stop 
rcapache2 start 
rctomcat5 start 
Windows: 1. At the Windows server, click Start > Administrative Tools > Services. 


2. Right-click Tomcat 6, then click Restart. 
3. Right-click World Wide Web Publishing Service, then click Restart. 


930 GroupWise 2012 Administration Guide 


65.1 


Monitoring Calendar Publishing 


By monitoring the Calendar Publishing Host and the POAs it communicates with, you can determine 
whether or not its current configuration is meeting the needs of your GroupWise users. 

+ Section 65.1, “Viewing Calendar Publishing Status at the POA Web Console,” on page 931 

+ Section 65.2, “Using Calendar Publishing Host Log Files,” on page 932 

+ Section 65.3, “Using POA Log Files,” on page 932 


Viewing Calendar Publishing Status at the POA Web 
Console 


1 Display the POA Web console at the following URL: 
http://network_address:port 


Replace network address with the IP address or DNS hostname of a POA that is configured for 
calendar publishing and port is the POA HTTP port. The default HTTP port is 7181. 


2 Click Configuration. 


3 Underthe Internet Protocol Agent Settings heading, view the configuration information about the 
POA’s connection to the Calendar Publishing Host. 


Intemet Protocol Agent Settings: 


IMAP Agent Disabled 
SOAP Agent Enabled 
SOAP Port for Incoming SOAP requests 7191 

SOAP over SSL: Disabled 


SOAP Notification List: 
Event Configuration List 
Log SOAP Trace 


Calendar/Free Busy Publishing: Enabled 
Calendar Publishing Port 7171 (Default) 
Calendar Publishing Post Office List Show 
Calendar/Free Busy Publishing User List Show 


OES Calendar Publishing Host 
(17217.5.18:80) 

SLES Calendar Publishing Host 
(172.17.5.21:80) 

Windows Calendar Publishing Host 
(17217.5.19:80) 


Calendar Publishing Hosts 


4 Click Calendar Publishing Post Office List to view all POAs in your GroupWise system that have 
been configured for calendar publishing. 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


Calendar Publishing Post Office List 

[Domain Name [Post Office Name [Agent Name IP Address [Publish Port 
Provol Development POA 17217.5.18 7171 
Provo2 Sales POA 172.17.5.21 7171 
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5 Click Calendar Free/Busy Publishing User List to view all users who have published free/busy 
information or personal calendars. 


A list of all Calendar Publishing Hosts in your GroupWise system is also provided. 


65.2 Using Calendar Publishing Host Log Files 


The default log file location is in the Group Wise Web application working directory. 


Logging is enabled by default. You can increase the amount of information that is logged, as 
described in Section 64.1.3, “Adjusting Log Settings,” on page 924. 


65.3 Using POA Log Files 


To find status information about how the Calendar Publishing Host is communicating with the POA, 
you can check the POA log files. For more information, see Section 37.3.3, “Viewing POA Log Files,” 


on page 552. 
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Creating a Corporate Calendar Browse 
List 


The Calendar Publishing Host creates a browse list of published calendars. However, by default, no 
calendars are displayed in the calendar browse list. To create a corporate calendar browse list, you 
need to grant rights to specific users, or at the post office or domain level, in order to publish to the 
corporate calendar browse list. 


In ConsoleOne: 
1 Browse to and right-click an individual user, or right-click a post office or domain where you 
want all users to have rights to publish to the browse list, then click Properties. 
2 Click GroupWise > Calendar Publishing. 


Properties of Provo1 
‘GroupWise v || NDS Rights + | Other | Rights to Files and Folders 


į Calendar Publishing i 


Override 


o 


Defined at: Corporate Mail 


3 Select Override, then select Enable Publishing of Calendars to the Browse List. 
This grants the right to publish calendars to the calendar browse list. 
4 Click OK. 


5 Repeat Step 1 through Step 4 as needed to grant rights to publish to the corporate calendar 
browse list. 
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67.1 


Managing Your Calendar Publishing 
Host 


As circumstances change over time, you might need to change the configuration of your Calendar 
Publishing Host to better meet the needs of your GroupWise users. 

+ Section 67.1, “Adding Multiple Calendar Publishing Hosts,” on page 935 

+ Section 67.2, “Assigning a Different Calendar Publishing Host to Users,” on page 936 

+ Section 67.3, “Editing Calendar Publishing Host Configuration,” on page 936 

+ Section 67.4, “Deleting a Calendar Publishing Host,” on page 937 


Adding Multiple Calendar Publishing Hosts 


Often, one Calendar Publishing Host is sufficient to service all Internet users who want to access your 
GroupWise users” calendar and free/busy information. However, you might want to add an 
additional Calendar Publishing Host for load balancing or to improve response time for Internet 
users in different geographical locations. 


However, if you have users in remote locations, and response time is slow for these users, you can 
add a Calendar Publishing Host to a POA that is closer to these remote users. 


NOTE: Sections referenced in the following steps are found in the GroupWise 2012 Installation Guide. 


1 Installthe Calendar Publish Host software to a remote Web server, as described in “Installing the 
GroupWise Calendar Publishing Host”. 


2 Addand configure the new Calendar Publishing Host, as described in “Configuring the 
Calendar Publishing Host in ConsoleOne”. Make sure you restart the POAs for post offices that 
support calendar publishing so that the POAs pick up the configuration information for the new 
Calendar Publishing Host. 


3 Restartthe Web Server and Tomcat on the server where you installed the new Calendar 
Publishing Host to establish it as part of your GroupWise system, as described in “Restarting the 
Web Server and Tomcat”. 


4 Make sure that the new Calendar Publishing Host is accessible by following the procedures 
provided in “Testing Calendar Publishing” in the GroupWise 2012 Installation Guide. 


5 Toimprove performance when you set up multiple Calendar Publishing Hosts, follow the 
instructions in TID 7007208: “Load Balancing and High Availability for GroupWise Calendar 
Publishing” in the Novell Support Knowledgebase (http://www.novell.com/support). 


6 Continue with “Assigning a Different Calendar Publishing Host to Users” on page 936. 
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67.2 Assigning a Different Calendar Publishing Host to Users 


1 In ConsoleOne, browse to and select a user ora post office with users to whom the new 
Calendar Publishing Host will be assigned. 


2 Click Tools > GroupWise Utilities. 


3 Click Client Options > Environment > Calendar. 


Environment Options: mpalu x| 


General l Client Access | Views | File Location 
Novell vibe | Tutorial | Address Book | Conferencing | Reoly Format | 
Cleanup Appearance | Retention | Junk Mail į f 


Web Calendar Publishing Host: 


OES Calendar Publishing Host nd | SR 
Calendar publish control 
F Enable calendar publishing ol Ga 
IV Enable rules to move items to a published calendar ol Ga 
Free/Busy search publish control 
[M Enable publish free/busy search oli Ga 
Calendar subscribe control 
[V Enable subscribe to calendar SAW 


Restore Default Settings 


4 Inthe Web Calendar Publishing Host field, select the new Calendar Publishing Host, then click the 
Lock button to ensure that the new Calendar Publishing Host setting overrides the previous 
setting. 


5 Click OK, then click Close. 
6 Repeat Step 1 through Step 5 until you are finished moving users. 


7 Notify the GroupWise users to whom the new Calendar Publishing Host as been assigned that 
they need to notify their Internet colleagues of the new URL for their published calendars and 
free/busy information. 


67.3 Editing Calendar Publishing Host Configuration 
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Over time, you might need to set up the Calendar Publishing Host on a different Web server with a 
different IP address or port number. 


NOTE: Sections referenced in the following steps are found in the GroupWise 2012 Installation Guide. 


1 If necessary, install the Calendar Publishing Host to a new Web server, as described in 
“Installation”. 


2 In ConsoleOne, select the GroupWise System object, then click Tools > GroupWise System 
Operations > Web Calendar Publishing Hosts. 
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Configure Web Calendar Publishing Host x| 
Web Calendar Publishing Host: OK | 
OES Calendar Publishing Host 
ISLES Calendar Publishing Host Cancel | 
Windows Calendar Publishing Host Add | 

Delete | 
Help 


F Enable Publishing of Calendars to the Browse List 


3 Selectthe Calendar Publishing Host whose configuration you need to change, then click Edit. 


Edit Web Calendar Publishing Host x| 
Name: OES Calendar Publishing Host 


URL: http://ibd-0es/gwcal 


Description: 


IP Address: [172.15.6.17 Zi 
TCPPot: [ 80 + 
Cancel | Help | 


Do not change the URL unless absolutely necessary. Changing the URL would invalidate the 
URL that GroupWise users have sent to Internet colleagues to access published calendars and 
free/busy information. 


4 Modify the IP address or port number as needed, then click OK twice. 


5 Restart Tomcat where the modified Calendar Publishing Host is installed, as described in 
“Restarting Tomcat” on page 928. 


6 Restart the POA so that it picks up the updated configuration information for the modified 
Calendar Publishing Host. 


7 Make sure that users can still access the Calendar Publishing Host by following the procedures 
provided in “Testing Calendar Publishing”. 


67.4 Deleting a Calendar Publishing Host 


1 If necessary, move users,Section 67.2, “Assigning a Different Calendar Publishing Host to 
Users,” on page 936. 


2 In ConsoleOne, select the GroupWise System object, then click Tools > GroupWise System 
Operations > Web Calendar Publishing Hosts. 


Configure Web Calendar Publishing Host x| 
Web Calendar Publishing Host: OK | 
OES Calendar Publishing Host 
SLES Calendar Publishing Host Cancel | 
Windows Calendar Publishing Host Add | 
Delete | 
Help 


F Enable Publishing of Calendars to the Browse List 
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3 Select the Calendar Publishing Host to delete, then click Delete. 
4 Click OK. 


5 Restart Tomcat where the Calendar Publishing Host has been deleted, as described in 
“Restarting Tomcat” on page 928. 


6 Restartthe POA that used to communicate with the deleted Calendar Publishing Host, so that 
the POA does not try to reestablish the connection. 
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Monitor 


+ Chapter 68, “Understanding the Monitor Agent Consoles,” on page 941 
* Chapter 69, “Configuring the Monitor Agent,” on page 945 

+ Chapter 70, “Configuring the Monitor Application,” on page 969 

+ Chapter 71, “Using GroupWise Monitor,” on page 973 

+ Chapter 72, “Comparing the Monitor Consoles,” on page 1001 

+ Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003 


For a complete list of port numbers used by Monitor, see Section A.9, “Monitor Agent Port Number, 
on page 1173 and Section A.10, “Monitor Application Port Numbers,” on page 1173. 


For detailed Linux-specific Monitor information, see Appendix C, “Linux Commands, Directories, 
and Files for GroupWise Administration,” on page 1179. 
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68.1 


Understanding the Monitor Agent 
Consoles 


The Monitor Agent offers three different consoles where you can check the status of your GroupWise 
agents: 


+ Section 68.1, “Monitor Agent Server Console,” on page 941 
+ Section 68.2, “Monitor Agent Web Console,” on page 942 
+ Section 68.3, “Monitor Web Console,” on page 942 


For a comparison of the capabilities of the three consoles, see Chapter 72, “Comparing the Monitor 
Consoles,” on page 1001. 


For detailed instructions about installing and starting the GroupWise Monitor Agent for the first 
time, see “Installing Group Wise Monitor” in the GroupWise 2012 Installation Guide. 


Monitor Agent Server Console 


The Monitor Agent server console is available for the Windows Monitor Agent but not for the Linux 
Monitor Agent. 


-oix 


Configuration View Actions Reports Log Help 


DES Agents [3] Odth5tm  DevelopmentProvol POA  Od6h39m Linux 

SLES Agents [3] Odih5im  GWlAProvol GWIA Od6h38m Linux 

Windows Agents [3] Odi1h51m GWIA.Provo2 GwWiA = Od1h52m Windows 
Od1h5im GWIA.Provo3 GWA = Od2h29m Linux 
0d1h51m Provol MTA Od6h39m Linux 
Odih5im Provo2 MTA Od1h53m windows 
Odih51m Provo3 MTA Od2h29m Linux 


OdihSim Research. Provo3 POA 0d2h29m Linux 
Odih5im Sales. Provo2 POA 0d1h52m Windows 


All agent configuration tasks can be performed at the Monitor Agent server console, but some reports 
are not available. 
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68.2 


68.3 


Monitor Agent Web Console 


The Monitor Agent Web console is platform-independent and can be viewed at the following URL: 


http://web server address:8200 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


® Y Corporate Monitored agents for Corporate 
Ÿ OES Agents [3] Up Time: 0 d 2h 5m 
Y SLES Agents [3] Pol | [ Hide Subgroup A = = _ 


Ÿ Windows Agents [3] 
J" status Status Duration Name Type UpTime Closed Links Queued Platform Version 
O Y normal Od2h5m Development.Provot POA 0d6h49m NA NA Linux 12.0.0 (12/03/2011) 
O Normal Od2h5m GWIAProvot GWIA 0d6h48m NA NA Linux 12.0.0 (12/03/2011) 
O W vormsi Od2h5m GWIA.Provo2 GWIA 0d2h2m NA NA Windows 12.0.0 (12-03-11) 
O Y Nomai Od2h5m  GWIAProvo3 GWIA 0d2h39m NA NA Linux 12.0.0 (12/03/2011) 
TT W vorme 042h5m  Provot MTA 0d6h49m o 0 Linux 12.0.0 (12/03/2011) 
C W vorme 042h5m Provoz MTA Od2h3m o o Windows 12.0.0 (12/3/2011) 
TT W noma 0d2h5m Provo MTA Od2h39m 0 0 Linux 12.0.0 (12/03/2011) 
CW vorme 042h5m Research. Provo3 POA Od2h39m NA NA Linux 12.0.0 (12/03/2011) 
CV homa 092h5m Sales Provo2 POA Od2h2m NA NA Windows 12.0.0 (12/3/2011) 


To create the Monitor Agent Web console display, your Web server communicates directly with the 
Monitor Agent to obtain agent status information. You must be behind your firewall to use the 
Monitor Agent Web console. Because the Linux Monitor Agent does not have a server console, you 
use the Monitor Agent Web console in its place on Linux. 


The Monitor Agent Web console is divided into the Agent Groups window on the left and the Agent 
Status window on the right. You can use the Agents Groups window to create and manage agent 
groups in the same way that you can atthe Monitor Agent server console. 


Several Monitor features are available at the Monitor Agent Web console that are not available at the 
Monitor Agent server console or the Monitor Web console. These are summarized in Chapter 72, 
“Comparing the Monitor Consoles,” on page 1001. 


Monitor Web Console 


The Monitor Web console is also platform-independent and can be viewed at the following URL: 


http://web_server_address/gwmon/gwmonitor 
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GroupWise, Monitor 


Novell 


Hide Subgroup Agents || Problem || Suspend || Resume || Move || Options || Thresholds || Help 


Ola) B 
DS Corporate Monitored agents for "Corporate" group 
(9) OES Agents Total: 9 Displayed: 1-9 
(9) SLES Agents Refresh 
' Windows Agents 7 
O Name Status Status Duration 
Create O © provo1 Normal Od1h54m 
Kaname [1 © DevelopmentProvo1 Normal Od1h54m 
Move — = 
= 9) GWIAProvo1 Normal Od1h54m 
lee 
Refresh O © Provo Normal Od1h54m 
ea CO © GWAProvo3 Normal Od 1h54m 
o 9 Research Provo3 Normal Od1h54m 
oO ©) Provo2 Normal Od1h54m 
OD © GwaProvo2 Normal Od1h54m 
L] @ SalesProvo2 Normal Od1h54m 


Up Time 

0d6h39m 
0d6h39m 
0d6h38m 
Od2h29m 
Od2h29m 
Od2h29m 
0d1h53m 
Od1h52m 
0d1h52m 


Type 
MTA 


POA 
GWIA 
MTA 
GWIA 
POA 
MTA 
GWIA 
POA 


Version 

12.0.0 (12/03/2011) 
12.0.0 (12/03/2011) 
12.0.0 (12/03/2011) 
12.0.0 (12/03/2011) 
12.0.0 (12/03/2011) 
12.0.0 (12/03/2011) 
12.0.0 (12/3/2011) 
12.0.0 (12-03-11) 
12.0.0 (12/3/2011) 


Platform 
Linux 
Linux 
Linux 
Linux 
Linux 
Linux 
Windows 
Windows 


Windows 


To create the Monitor Web console display, your Web server communicates with the Monitor 
Application (a component of your Web server), which then communicates with the Monitor Agent to 
obtain agent status information. This enables the Monitor Web console to be available outside your 

firewall, while the Monitor Agent Web console can be used only inside your firewall. 


The Monitor Web console is divided into the Agent Groups window on the left and the Agent Status 
window on the right. Using the Agents Groups window, you can create and manage agent groups 


the same as you can at the Monitor Agent server console. 


The Monitor Web console does not include some features that are available at the Monitor Agent 


server console and the Monitor Agent Web console. These are summarized in Chapter 72, 
“Comparing the Monitor Consoles,” on page 1001. 
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Configuring the Monitor Agent 


For GroupWise Monitor system reguirements, see “Monitor System Reguirements” in the GroupWise 
2012 Installation Guide. For detailed instructions about installing and starting the Group Wise Monitor 
Agent for the first time, see “Installing GroupWise Monitor” in the GroupWise 2012 Installation Guide. 


The default configuration of the GroupWise Monitor Agent is adeguate to begin monitoring existing 
GroupWise agents (Post Office Agents, Message Transfer Agents, and Internet Agents). You can also 
customize the configuration to meet your specific monitoring needs. 


On Windows, you configure the Monitor Agent at the Monitor Agent server console on the Windows 
server where the Monitor Agent is running. 


È sroupwise one 


Configuration View Actions Reports Log Help 
| Status | Status Duration | Name | Type [UpTime | Closed Links 


Od2h6m Development.Provol POA Od6h54m Linux 
Od2h6m GWiIA.Provol GWld = Od6h53m Linux 
Od2h6m GWIA.Provo2 GWIA Od2h?m Windows 
Od2h6m Gwl. Provo3 Gwld = Od2h44m Linux 
Od2h6m Provo1 MTA Od6h54m Linux 
Od2h6m Provo2 MTA Od2h8m Windows 
Od2h6m Provo3 MTA Od2h44m Linux 
Od2h6m Research.Provo3 POA Od2h44m Linux 
Od2h6m Sales.Provo2 POA Od2h7m ‘Windows 


On Linux, similar functionality is available in your Web browser at the Monitor Agent Web console: 


http://localhost : 8200 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


® Y Corporate Monitored agents for Corporate 
Y OES Agents [3] Up Time: 0 d2h5m 
WSLES Agents [3] [Pal | [Fide Subgroup Agents | [Problem | [ Suspend | [Resume | [Move] [LOpions | [Thresholds 
Ÿ Windows Agents [3] = = 5 = 
[| Status Status Duration Name Type UpTime Closed Links Queued Platform Version 
TT W noma 042h5m  DevelopmentProvoi POA Od6h49m NA NWA Linux 12.0.0 (12/03/2011) 
C A koma 042h5m  GWIAProvot GWIA Od6h48m NA NWA Linux 12.0.0 (12/03/2011) 
C W koma 042h5m  GWIAProve2 GWIA Od2h2m NA NA Windows 12.0.0 (12-02-11) 
C W Normal 042h5m  GWIAProves GWIA Od2h39m NA NA Linux 12.0.0 (12/03/2011) 
C WP koma 042h5m  Provoi MTA 0d6h49m o 0 Linux 12.0.0 (12/03/2011) 
TT W koma 042h5m — Provo2 MTA 0d2h3m o o Windows 12.0.0 (12/3/2011) 
TT W noma 092h5m — Proved MTA Od2h39m o o Linux 12.0.0 (12/03/2011) 
T Y homa 0d2h5m Research. Provo3 POA 0d2h39m NA NA Linux 12.0.0 (12/03/2011) 
T Arora 0d2h5m — SalesProvo2 POA 0d2h2m NA NA Windows 12.0.0 (12/3/2011) 
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The following topics help you customize the Monitor Agent for your specific needs: 


+ 


+ 


+ 


+ 


+ 


+ 


+ 


Section 69.1, “Selecting Agents to Monitor,” on page 946 

Section 69.2, “Creating and Managing Agent Groups,” on page 949 

Section 69.3, “Configuring Monitoring Protocols,” on page 952 

Section 69.4, “Configuring Polling of Monitored Agents,” on page 956 

Section 69.5, “Configuring Email Notification for Agent Problems,” on page 957 

Section 69.6, “Configuring Audible Notification for Agent Problems,” on page 961 

Section 69.7, “Configuring SNMP Trap Notification for Agent Problems,” on page 962 
Section 69.8, “Configuring Authentication and Intruder Lockout for the Monitor Web Console,” 
on page 964 

Section 69.9, “Configuring Monitor Agent Log Settings,” on page 965 

Section 69.10, “Configuring Proxy Service Support for the Monitor Web Console,” on page 966 
Section 69.11, “Monitoring Messenger Agents,” on page 967 


Section 69.12, “Supporting the GroupWise High Availability Service on Linux,” on page 968 


69.1 Selecting Agents to Monitor 


By default, the Monitor Agent starts monitoring all GroupWise agents (Post Office Agents, Message 
Transfer Agents, and Internet Agents) in your GroupWise system, based on the information from a 
domain database (wpdomain.db). You might not want to continue monitoring all agents. Under 
certain circumstances, you might want to monitor agents that are not part of your local GroupWise 
system. 


+ 


+ 


+ 


+ 


+ 


Section 69.1.1, “Filtering the Agent List,” on page 946 
Section 69.1.2, “Adding an Individual Agent,” on page 947 
Section 69.1.3, “Adding All Agents on a Server,” on page 948 
Section 69.1.4, “Adding All Agents on a Subnet,” on page 948 
Section 69.1.5, “Removing Added Agents,” on page 949 


69.1.1 Filtering the Agent List 


You can configure the Monitor Agent to stop and start monitoring selected agents as needed. 


1 


On Windows, at the Monitor Agent server console, click Configuration > Filter. 


Fiter xl 


Filtered Out Monitored OK 
Teaming.Provo1 Development. Provo1 
Marketing. Provo3 Cancel 
>> Add >> Provol 
Provo1.GWlA Help 
Provo2 esi 
Add All Provo2.GWIA Agent Types 
Provo3 
Provo3.GWIA M MTA 
Sales.Provo2 
IV POA 


IV GWA 
I” WebAccess 


Remove All 


I Gateway 
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or 


On Linux, at the Monitor Agent Web console, click Preferences > Filter. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Setup | Custom Views | States | Filter | Add Agents | Remove Agents 
© Filtered out ©] Monitored 
F 


(CT Development.Provot 
| GWIA.Provot 


GWIA.Provo2 


GE 


'GWIA.Provo3 
Marketing. Provo4 
Provot 

Provo2 

Provo3 
Research.Provo3 


OAAASAOAC 


Sales.Provo2 


The Filtered Out list displays all agents that are not currently being monitored. 


2 Select one or more agents in the Monitored list, then click Remove to move them to the Filtered 


Out list. 
3 Click OK. 


Agents in the Filtered Out list are not monitored and do not appear at the Monitor Agent server 


console or at the Monitor Agent Web console. To start monitoring a filtered-out agent, move it back to 


the Monitored list. 


Adding an Individual Agent 


You can start monitoring an individual agent anywhere in your GroupWise system or another 


GroupWise system. 


1 On Windows, at the Monitor Agent server console, click Configuration > Add Agent. 


x 
Enter the address of the new Agent. 
adess 77000000 Cancel 
Port [ Help 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Setup | Custom Views | States | Filter | Add Agents | Remove Agents 
Add Agent 


Address: 


Port: 
HTTP User Name: 
HTTP Password: 


2 Type the IP address of the server where the agent runs. 
3 Type the port number the agent listens on. 
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4 Click OK. 


The agent is added to the list of monitored agents. 


69.1.3 Adding All Agents on a Server 


69.1.4 


If you add a new server to your GroupWise system or want to monitor agents in a different 
GroupWise system, you can easily start monitoring all the agents running on that server. 


1 On Windows, at the Monitor Agent server console, click Configuration > Add from Machine. 


Add from Machine x| 


Enter the machine address OK | 
| Cancel | 


Help | 


or 
On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 
Add from Machine 


Machine Address: 


SNMP Community String: 


2 Type the IP address of the new server, then click OK. 


All GroupWise agents on the new server are added to the list of monitored agents. 


If the new server is part of your local GroupWise system, you can simply restart the Monitor Agent 
and it picks up all new agents in your system. 


Adding All Agents on a Subnet 


If you add several new servers to your GroupWise system or want to monitor agents in a different 
GroupWise system, you can easily start monitoring all the agents running on the same subnet. 


1 On Windows, at the Monitor Agent server console, click Configuration > Add from Network. 


Add from Network 1 E 


Enter the subnet OK 


1 O Cancel | 
Help | 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


Add from Network 


Subnet Address: 


SNMP Community String: 


2 Type the subnet portion of the IP addresses of the new servers, then click OK. 


All GroupWise agents on the subnet are added to the list of monitored agents. 
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If the new servers are part of your local Group Wise system, you can simply restart the Monitor Agent 


and it picks up all new agents in your system. 


Removing Added Agents 


To stop monitoring agents that you have manually added to the Monitor Agent's configuration: 


1 On Windows, at the Monitor Agent server console, click Configuration > Remove Agents. 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Remove Agents. 


2 Select the agents you want to remove, then click Remove. 


3 Click OK. 


Creating and Managing Agent Groups 


You might find it convenient to group related agents together for monitoring purposes. Initially, all 
agents are in a single group with the same name as your GroupWise system. 


È sroupwise monitor VEE 


Configuration View Actions Reports Log Help 


Development.Provol POA 


Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 
Od2h6m 


GWIA.Provol 
GWIA.Provo2 
GWIA.Provo3 
Provol 

Provo2 

Provo3 
Research.Provo3 
Sales.Provo2 


GWIA 
GWIA 
GWIA 
MTA 
MTA 
MTA 
POA 
POA 


Od6h54m 
Od6h53m 
Od2h?m 
Od2h44m 
Od6h54m 
Od2h8m 
Od2h44m 
Od2h44m 
Od2h7m 


Linux 
Linux 
Windows 
Linux 
Linux 
Windows 
Linux 
Linux 
‘Windows 
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Agent groups are displayed on the left side of the Monitor Agent server console. When you select an 
agent group, the monitored agents in the group and their status information are listed on the right 
side of the Monitor Agent server console. 


LT lolx 


Configuration View Actions Reports Log Help 


DES Agents [3] YW Normal Od1h5im Development.Provol POA Od6h39m Linux 
SLES Agents [3] WNomal Od1h5tm = GWIAProvol GWIA  Od6h38m Linux 
Windows Agents [3] yy omal OdthSim  GWIAProvo2 GWIA O0d1h52m Windows 
@ Normal Od1h51m GWIA.Provo3 Gwlé  Od2h29m Linux 
WNomal  Od1h51m Provol MTA Od6h39m Linux 
YW Normal Odih51m Provo2 MTA Od1h53m ‘Windows 
WNomal Od1h51m Provo3 MTA Od2h29m Linux 
@ Normal  Od1h51m Research Provo3 POA Od2h29m Linux 
WNomal Od1h51m Sales.Provo2 POA Od1h52m ‘Windows 


You can create additional groups and subgroups as needed to make monitoring similar agents easier. 
You might want to create agent groups based on geographical areas, on administrative 
responsibilities, or on agent configuration similarities. The number of agents in the group is 
displayed to the right of the group name in the Agent Groups window. 


In addition, by creating agent groups, you can provide configuration settings for monitoring just 
once for all agents in each group, rather than providing them individually for each agent in your 
GroupWise system. 

+ Section 69.2.1, “Creating an Agent Group,” on page 950 

+ Section 69.2.2, “Managing Agent Groups,” on page 951 

+ Section 69.2.3, “Viewing Your Agent Group Hierarchy,” on page 951 

+ Section 69.2.4, “Configuring an Agent Group,” on page 952 


NOTE: On Linux, you perform these tasks at the Monitor Agent Web console or Monitor Web 
console, using steps similar to those provided in this section. 


Creating an Agent Group 


On Windows, at the Monitor Agent server console: 


1 Right-click the folder where you want to create the agent group, then click Create. 

2 Type a name for the new group, then click OK to create a new folder for the agent group. 
The group name must be unique within its parent group. 

3 Click a folder containing agents that you want to add to the new group. 

4 Drag and drop agents into the new group as needed. 


5 Click the new group to view its contents. 
On Linux, at the Monitor Agent Web console: 


1 Inthe Agent Groups window, click Create. 


2 Type a name for the new group, select the parent group for the new group, then click Create. 
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3 Inthe Agent Status window, select one or more agents to add to the new group, then click Move. 
4 Inthelistof available groups, select the new group, then click Move. 


5 Click the new group to view its contents. 


You can nest groups within groups as needed. 


Managing Agent Groups 
On Windows, at the Monitor Agent server console: 


+ To rename an agent group, right-click the agent group, click Rename, type the new name, then 
press Enter. 


+ To move an agent group, drag and drop it to its new location. 


+ To delete an agent group, right-click the agent group, then click Delete. A group must be empty 
before you can delete it. 


On Linux, at the Monitor Agent Web console: 


+ To rename an agent group, click Rename, type the new name, select the group to rename, then 
click Rename. 


* To move an agent group, click Move, select the group to move, select the new location, then click 
Move. 


+ To delete an agent group, click Delete, select the group to delete, then click Delete. 


Viewing Your Agent Group Hierarchy 
When you create nested groups, you can choose how much of the hierarchy you want displayed. 
On Windows, at the Monitor Agent server console: 


+ To open and close groups, click the plus or minus icons next to each folder. 


+ To expand your entire group hierarchy, click View > Expand Tree. 
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* To collapse your entire group hierarchy, click View > Collapse Tree. 


+ You can decide whether you want to view just the agents in the currently selected group or the 
agents in subgroups as well. By default, only the agents in the selected folder are listed in the 
agent window. Right-click an agent group, then click Show Subgroup Agents to display the 
contents of nested groups along with the selected group. 


i nix 


Configuration View Actions Reports Log Help 


[0.3] | Status [ Status Duration [Name [Type [UpTime | Closed Links | Queued | Platform | 

DES Agents [3] @ Normal = Odih5Im  DevelopmentPiovol POA  Od6h39m N/A N/A Linux 
SLES Agents [3] W Noma Od1hStm  GWIA.Provol GWIA Od6h38m N/A N/A Linux 
Windows Agents E] | jp Normal Odihõim  GWlé.Provo2 GWA  Odih52m NA N/A Windows 

@ Normal  Od1h51m GWIA,.Provo3 Gwlé Od2h29m N/A N/A Linux 

YW Normal Od1h51m Provol MTA Od6h39m 0 Linux 

@ Normal  Od1h51m Provo2 MTA Od1h53m 0 ‘Windows 

@ Normal = Od1h51m Provo3 MTA Od2h29m 0 Linux 

@ Normal Od1h51m Research.Provo3 POA Od2h29m N/A N/A Linux 

YW Normal  Od1h51m Sales.Provo2 POA Od1h52m N/A N/A ‘Windows 


|Next Poll: 260 seconds 


Numbers in brackets next to each group indicate the number of agents in the selected group and the 
total number displayed. 


Configuring an Agent Group 


Configuration settings for monitoring can be set individually for each monitored agent, for each 
agent group, or for all monitored agents collectively. 


You can establish default configuration settings for all agents by setting them on the root agent group 
that is named the same as your GroupWise system. Those default settings can be inherited by each 
subgroup that you create thereafter if you select Apply Options to Subgroups. Those default settings 
can be overridden by establishing different settings for an agent group or for an individual agent if 
you deselect Use Parent Options. 


Configuring Monitoring Protocols 


By default, the Monitor Agent uses HTTP to communicate with the agents it monitors. If HTTP is not 
available, the Monitor Agent changes automatically to SNMP. 


GroupWise 2012 agents, GroupWise 8 agents, GroupWise 7 agents, GroupWise 6.x agents and 6.x- 
level gateways, as well as the GroupWise agents provided with the GroupWise 5.5 Enhancement 
Pack, can be monitored using HTTP. Agents dating from GroupWise 5.5 and earlier, as well as 5.5- 
level GroupWise gateways, must be monitored using SNMP. 


+ Section 69.3.1, “Configuring the Monitor Agent for HTTP,” on page 953 
+ Section 69.3.2, “Configuring the Monitor Agent for SNMP,” on page 955 
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69.3.1 Configuring the Monitor Agent for HTTP 


You can customize how the Monitor Agent communicates with your Web browser. 


1 On Windows, at the Monitor Agent server console, click Configuration > HTTP. 


x 
HTTP Status: 
HTTP Refresh Bog = seconds Cancel 
HTTP Port =] 

orl 8200 x Help 


J Open a new window when viewing agents 


r Authentication 

T Require authentication to browse GW Monitor 
User name (— 
Password =z 
Password Confirm a 

Intruder Lockout Count [o 


Intruder Lockout Period [0 =] minutes 


Intruder Lockout Status Static 


Clear Lockout | 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to the 


HTTP Settings section. 
HTTP Settings 
Browser Refresh Rate [oo 
Poll Cycle Fo 
New Browser O 


2 Modify the HTTP settings as needed: 


HTTP Refresh: Specify the number of seconds after which the Monitor Agent sends updated 
information to the Monitor Web console. The default is 300 seconds (5 minutes). 


HTTP Port: Specify the port number for the Monitor Agent to listen on for requests for 
information from the Web console. The default port number is 8200. 


NOTE: On Linux, at the Monitor Agent Web console, the HTTP Port field is not available. 
However, you can use the --httpport startup switch when you start the Monitor Agent to achieve 
the same functionality. For more information, see Chapter 73, “Using Monitor Agent Startup 
Switches,” on page 1003. 


Open a new window when viewing agents: Select this option to open a new Web browser 
window whenever you display an agent Web console. This enables you to view the Monitor Web 
console and an agent Web console at the same time, or to view two agent Web consoles at the 
same time for comparison. 


3 Click OK to put the new HTTP settings into effect. 
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4. On Windows, at the Monitor Agent server console, click Configuration > Poll Settings. 


x 
F Use Parent Polling Option 
Poll Cycle m y seconds Cancel 
HTTP Help 


HTTP User Name 
HTTP Password 


SNMP 


30 Š] seconds 


Number of Retries 2 =| 
SNMP Community Strings [pubie 


Comma separated list of community strings 


I” Force polling through SNMP 


Time-out 


I Apply options to subgroups 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to the 


HTTP Settings section. 
HTTP Settings 
Browser Refresh Rate [oo 
Poll Cycle Fo 
New Browser O 


5 Fill in the following fields: 


Poll Cycle: Specify the number of seconds after which the Monitor Agent polls all monitored 
GroupWise agents for updated information. 


By default, the Monitor Agent starts 20 threads to poll monitored agents. You can use the 
--pollthreads startup switch to adjust the number of threads. For more information, see 
Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003. 


By default, the Monitor Agent communicates with other GroupWise agents by way of XML. 
However, if XML is unavailable, the Monitor Agent automatically uses SNMP instead. Prior to 
the GroupWise 5.5 Enhancement Pack, GroupWise agents did not support XML, so the Monitor 
Agent must use SNMP to monitor these older agents. If you need to monitor older agents, see 
Section 69.3.2, “Configuring the Monitor Agent for SNMP,” on page 955. 


If all monitored agents in the group require the same user name and password in order to 
communicate with the Monitor Agent, you can provide that information as part of the Monitor 
Agent's configuration. 


HTTP User Name: Provide the user name for the Monitor Agent to use when contacting 
monitored agents in the group for status information. 


HTTP Password: Provide the password, if any, associated with the user name specified in the 
field above. 


NOTE: On Linux, at the Monitor Agent Web console, the HTTP User Name and HTTP Password 
fields are not available. However, you can use the --httpagentuser and --httpagentpassword 
startup switches when you start the Monitor Agent to achieve the same functionality. For more 
information, see Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003. 
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If the monitored agents use different user names and passwords, you are prompted to supply 
them when the Monitor Agent needs to communicate with the monitored agents. 


6 Select Apply options to subgroups if you want subgroups to inherit these settings. 
7 Click OK to put the specified poll cycle into effect. 


Configuring the Monitor Agent for SNMP 


The Monitor Agent must use SNMP to communicate with GroupWise agents that date from earlier 
than the GroupWise 5.5 Enhancement Pack. You can customize how the Monitor Agent 
communicates with such older agents and how it communicates with SNMP monitoring and 
management programs. 


1 On Windows, at the Monitor Agent server console, click Configuration > Poll Settings. 


x 
D Use Parent Polling Option 
Poll Cycle m =] seconds Cancel 
HTTP Help 


HTTP User Name 
HTTP Password 


SNMP 


Time-out 30 Š] seconds 


Number of Retries 2 | 
SNMP Community Strings [pubie 


Comma separated list of community strings 


I Force polling through SNMP 


I Apply options to subgroups 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to the 
SNMP Settings section. 


SNMP Settings Submit 
SNMP Community Strings: public 

Time-out 30 

Number of Retries 2 

Force polling through SNMP CO 


2 Specify the number of seconds after which the Monitor Agent polls all monitored GroupWise 
agents for updated information using SNMP. 


3 Inthe SNMP box, modify the SNMP settings as needed: 


Time-out: Specify the number of seconds the Monitor Agent should wait for a response from 
servers where Group Wise agents run. 


Number of Retries: Specify how often the Monitor Agent should try to contact the servers 
where Group Wise agents run. 


SNMP Community Strings: Provide a comma-delimited list of community strings reguired to 
access the servers where GroupWise agents run. 
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Force polling through SNMP: Select this option to use SNMP polling instead of the default of 
XML polling when contacting servers where agents in the group run. 


4. Click Apply options to subgroups if you want subgroups to inherit these settings. 
5 Click OK to put the new SNMP settings into effect. 
6 Make sure the GroupWise agents you want to monitor using SNMP are enabled for SNMP. See 


Section 37.6.1, “Setting Up SNMP Services for the POA,” on page 553 and Section 43.6.1, 
“Setting Up SNMP Services for the MTA,” on page 679. The same instructions can be followed 
for all versions of the GroupWise agents. 


69.4 Configuring Polling of Monitored Agents 
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By default, the Monitor Agent polls all monitored agents every five minutes. You can adjust the poll 
cycle as needed. 


1 On Windows, at the Monitor Agent server console, select the root agent group to set the poll 


cycle default for all monitored agents. 

or 

Select any agent group to set the poll cycle for the agents in the selected group. 
or 

Select any agent to set the poll cycle for that individual agent. 

then 

Click Configuration > Poll Settings. 


Group Poll Settings - Corporate Mail B x| 
Use Parent Polling Options 


Poll Cycle ET E seconds Cancel 


HTTP: Help 
HTTP User Name 


HTTP Password 


r SNMP 


Time-out 30 | seconds 


Number of Retries |? | 
SNMP Community Strings pubic 


Comma separated list of community strings 


F Force polling through SNMP 


T Apply options to subgroups 


Unless you selected the root agent group, Use Parent Polling Options is selected and all options 
are dimmed. Deselect Use Parent Polling Options to configure polling for an agent group or 
individual agent. 


or 
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On Linux, at the Monitor Agent Web console, select one or more agents, click Preferences > Setup, 
then scroll down to the HTTP Settings section. 


HTTP Settings 
Browser Refresh Rate [300 
Poll Cycle Fo 


New Browser 


NOTE: The Use Parent Polling Options and Apply Options to Subgroups options are not available 
on Linux. 


2 Increase or decrease the poll cycle as needed, then click OK. 


Configuring Email Notification for Agent Problems 


The Monitor Agent can notify you by email when agent problems arise. 


+ Section 69.5.1, “Configuring Email Notification,” on page 957 
+ Section 69.5.2, “Customizing Notification Thresholds,” on page 959 


Configuring Email Notification 


You can configure the Monitor Agent to notify one or more users by email if an agent goes down. You 
can also receive email confirmation messages showing that the Monitor Agent itselfis still running 
normally. 


1 On Windows, at the Monitor Agent server console, select the root agent group to set up email 
notification defaults for all monitored agents. 
Or 
Select any agent group to set up email notification for the agents in the selected group. 
Or 
Select any agent to set up email notification for that individual agent. 


then 
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Click Configuration > Notification. 


Group Notification - Corporate Mail p xj 
F Use Parent Notification Options 
Notification List 

Cancel 


Comma separated list of users to notify 


Mail Domain Name [ 
Relay Address [ 


FT Send SNMP Traps 


IV Play Sound Sounds | 


Notification Events 
FN Agent Down 


I Server Down 


IV Threshold Exceeded Thresholds | 
Minimum threshold level for notification {Unknown >| 


IV. State retums to Normal 


Test Notifiy 


ddai 


Help 


Repeat Notification After [15 a minutes 
J Periodic Monitor Confirmation 


Confirm fi = minutes 


I Apply options to subgroups 


Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up email notification for an 
agent group or an individual agent. 


or 
On Linux, at the Monitor Agent Web console, select one or more agents, then click Preferences > 
Setup to display the Notify settings. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Setup | Custom Views | States | Filter | Add Agents | Remove Agents 
Preferences Cis 


Notify 


Notification List 


| 
Mail Domain Name [OO 
Relay Address: Ll 
Send SNMP Traps CO 
Trap Targets. 

Comma separated list of address:community pairs 
Agent Down 


Server Down 
Threshold Exceeded 


Minimum Threshold nknown 


State returns to Normal 


Notification Repeat Time (minutes) 


[E 
4 


Periodic Notification 


NOTE: The Use Parent Notification Options and Apply Options to Subgroups options are not 
available on Linux. 


2 Specify one or more email addresses or pager addresses to send notifications to. 
3 Specify the Internet domain name of your GroupWise system. 


4 If the mail system to which email notification is being sent performs reverse DNS lookups, 
specify the IP address or hostname of a server to relay the notification messages through. 
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The Monitor Agent should relay email notifications through a server that has a published DNS 
address. 


5 On Windows, at the Monitor Agent server console, click Test Notify to determine if the Monitor 
Agent can successfully send to the addresses specified in the Notification List field. 


A message informs you of the results of the test. If the test is successful, a test message arrives 
shortly at each address. If the test is unsuccessful, verify the information you provided in the 
Notification List, Mail Domain Name, and Relay Address fields. 


NOTE: On Linux, at the Monitor Agent Web console, email notifications cannot be tested. 


6 Selectthe events to trigger email notification messages. 
+ Agent Down 
+ Server Down 
+ Threshold Exceeded 
+ State returns to Normal 


If you want to be notified of more specific states, see Section 69.5.2, “Customizing Notification 
Thresholds,” on page 959. 


7 Selectthe amount of time that you want to elapse before repeat email notifications are sent. 


8 To monitor the Monitor Agent and assure it is functioning normally, select Periodic Monitor 
Confirmation, then select the number of minutes between Monitor Agent email confirmation 
messages. 


9 Click OK to save the email notification settings. 


Customizing Notification Thresholds 


To refine the types of events that trigger email notification messages, you can create your own 
thresholds that describe very specific states. Using thresholds, you can configure the Monitor Agent 
to notify you of problem situations peculiar to your GroupWise system. 


1 Make sure that notification has been properly set up as described in Section 69.5.1, “Configuring 
Email Notification,” on page 957. 
2 On Windows, at the Monitor Agent server console, click Configuration > Thresholds. 


Group Thresholds - Corporate Mail E E 21x| 


MTA | POA | Gwia | Webdccess| DVA | Gateways | 


FE Use Parent Threshold 


[Expression State [Severity Apply to subgroups | 
Delete Threshold] 


Number of messages in admin gueues. 


Expression |mtaSDAQCount X f= = 
sa Entical zi Add Threshold | 


J Apply threshold to subgroups 


J Overwrite all thresholds in subgroups 


or 
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On Linux, at the Monitor Agent Web console, click Thresholds on the Status page. 


Thresholds for "Corporate" 


MTA | POA | GWIA | WEBACC | DVA | GATEWAY 


Thresholds - Gateways 


Expression State Delete 


Add Threshold 


Expression Operator Value State 


ngwGatewayName X < v 0 Unknown M 


Apply threshold to subgroups 


Add Threshold 


The tabs at the top of the dialog box enable you to create a separate threshold for each type of 
GroupWise agent. 


Select the type of agent to create a threshold for. 


4 Inthe Expression field, select a MIB variable. 


GroupWise agent MIB files are located in the /agents/snmpmibs directory of your GroupWise 
software distribution directory or the downloaded Group Wise 2012 software image. The MIB 
files list the meanings of the MIB variables and what type of values they represent. The meaning 
of the MIB variable selected in the Expression field is displayed above the field. 


5 Selectan operator from the drop-down list. 


Type the value to test for. 


For example, you might want to test the mtaOldestQMsg variable for a specific number of 
seconds that you consider to be too long for a message to be in the gueue. 


In the State field, select an existing state. 


Icon State 

(2 Unknown 
Normal 
Informational 


Marginal 


Minor 


Major 


Y 
0 
À 
® — Warning 
i 
T 
B 


Critical 


Create a new state: 
7a On Windows, at the Monitor Agent server console, click Define State. 
or 
On Linux, at the Monitor Agent Web console, click Preferences > States. 


7b Type a name for the new state. 
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7c Select a severity level. 
7d Provide instructions about how to handle the new state. 
7e Click Close to save the new state. 

8 Click OK to create the new threshold. 


9 Repeat Step 2 through Step 8 for each type of agent that you want to create a customized state 
for. 


10 Make sure Threshold Exceeded is selected in the Notification Events box. 


11 Click OK to save the new notification settings. 


69.6 Configuring Audible Notification for Agent Problems 


If the server where the Monitor Agent runs is located where someone can respond immediately to a 
GroupWise agent problem, you can configure the Monitor Agent to produce different sounds 
according to the nature of the problem. 


NOTE: Audible notification is not available on Linux. 


On Windows, at the Monitor Agent server console: 


1 Select the root agent group to set up audible notification defaults for all monitored agents. 
or 
Select any agent group to set up audible notification for the agents in the selected group. 
or 
Select any agent to set up audible notification for that individual agent. 

2 Click Configuration > Notification. 


Group Notification - Corporate Mail E 
F Use Parent Notification Option: OK 


Notification List 
Cancel 


Comma separated list of users ta notify 


Mail Domain Name 
Relay Address 


TF Send SNMP Traps 


IV Play Sound Sounds | 


Notification Events 


x 


Test Notifiy 


di 


Help 


M Agent Down 


M Server Down 


M Threshold Exceeded Thresholds | 
Minimum threshold level for notification |Unknown x] 


M State retums to Normal 


Repeat Notification After |15 a minutes 


TF Periodic Monitor Confirmation 


Confirm 1 4 minutes 


I Apply options to subgroups 


Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up notification for an agent 
group or individual agent. 
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3 Select Play Sound, then click Sounds. 


x 
Choose the WAY files that will play when the following events occur 
Server Down | Browse... Cancel 
Agent Down EEEL Browse... Help _| 
Server Up | Browse... 


Agent Up Browse... 
Threshold Exceeded Browse... 


4 For each event, browse to and select a sound file to provide audible notification for each type of 
event for the selected agent group. 


The Monitor Agent launches the default media player for whatever type of sound file you select. 
Basic sound files are available in the c: \windows\media directory. 


5 Click OK to return to the Notification dialog box. 


6 Select notification events and other notification settings as described in Section 69.5, 
“Configuring Email Notification for Agent Problems,” on page 957. 


7 Click OK to save the audible notification settings. 


69.7 Configuring SNMP Trap Notification for Agent Problems 


The Monitor Agent can throw SNMP traps for use by the Management and Monitoring component of 
Novell ZENworks for Servers or any other SNMP management and monitoring program. 


1 On Windows, at the Monitor Agent server console, select the root agent group to set up SNMP 
trap notification defaults for all monitored agents. 
or 
Select any agent group to set up SNMP trap notification for the agents in the selected group. 
or 
Select any agent to set up SNMP trap notification for that individual agent. 
then 
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Click Configuration > Notification. 


Group Notification - Corporate Mail e x| 
[E Use Parent Notification Options 


Notification List [ 


Comma separated list of users to notify 


Mail Domain Name [ 
Relay Address [ 


FT Send SNMP Traps 


IV Play Sound Sounds | 


Notification Events 
FN Agent Down 


I Server Down 


IV Threshold Exceeded Thresholds | 
Minimum threshold level for notification {Unknown >| 


M State returns to Normal 


Test Notifiy 


ddai 


Help 


Repeat Notification After [15 a minutes 
J Periodic Monitor Confirmation 


Confirm fi = minutes 


TF Apply options to subgroups 


Unless you selected the root agent group, Use Parent Notification Options is selected and all 
options are dimmed. Deselect Use Parent Notification Options to set up notification for an agent 
group or individual agent. 


or 


On Linux, at the Monitor Agent Web console, select one or more agents, then click Preferences > 
Setup to display the Notify settings. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Setup | Custom Views | States | Filter | Add Agents | Remove Agents 


Notify 
Notification List [OO 
Mail Domain Name [OO 
Relay Address: Lf 
Send SNMP Traps Oo 
Trap Targets: 

Comma separated list of address:community pairs 
Agent Down H 
Server Down E 
Threshold Exceeded E 
Minimum Threshold Unknown v | 
State returns to Normal H 
Notification Repeat Time (minutes) fs 
Periodic Notification fb ©. 


NOTE: The Use Parent Notification Options and Apply Options to Subgroups options are not 
available on Linux. 


2 Select Send SNMP Traps, then click OK. 


3 Make sure that the Monitor Agent is properly configured for SNMP, as described in 
Section 69.3.2, “Configuring the Monitor Agent for SNMP,” on page 955. 
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69.8 Configuring Authentication and Intruder Lockout for the 
Monitor Web Console 


Accessing GroupWise agent status information from your Web browser is very convenient. However, 
you might want to limit access to that information. You can configure the Monitor Agent to reguest a 
user name and password before allowing users to access the Monitor Web console. In addition, you 
can configure the Monitor Agent to detect break-in attempts in the form of repeated unsuccessful 
logins. 


NOTE: To limit access on Linux, use the --httpmonuser and --httpmonpassword startup switches 
when you start the Monitor Agent. For more information, see Chapter 73, “Using Monitor Agent 
Startup Switches,” on page 1003. The intruder lockout functionality is not available on Linux. 


On Windows, at the Monitor Agent server console: 


1 Click Configuration > HTTP. 


xi 
HTTP Status: 
HTTP Refresh m = seconds Cancel 
HTTP Port [e200 + Help 


J Open a new window when viewing agents 


= Authentication 
T Require authentication to browse GW Monitor 
User name 
Password 
Password Confirm 
Intruder Lockout Count 


Intruder Lockout Period minutes 


a 
= 
= 


Intruder Lockout Status Static 


Clear Lockout 


2 Inthe Authentication box, select Require authentication to browse GW Monitor. 
3 Fill in the fields: 


User Name: Provide a user name for the Monitor Agent to prompt for when a user attempts to 
access the Monitor Web console. 


Password: Provide a password for the Monitor Agent to prompt for when a user attempts 
access. Repeat the password in the Password Confirm field. 


For optimum security for the Monitor Web console, use the --httpssl and --httpcertfile startup 
switches, along with a certificate file, when starting the Monitor Agent. For more information, 
see Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003. For background 
information about SSL and how to set it up on your system, see Section 83.2, “Server Certificates 
and SSL Encryption,” on page 1107. 


Intruder Lockout Count: Specify the number of failed attempts the Monitor Agent should allow 
before it stops prompting the potentially unauthorized user for a valid user name and password. 


Intruder Lockout Period: Specify the number of minutes that must elapse before the user can 
again attempt to access the Monitor Web console. 
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If a valid user is locked out of the Monitor Web console, you can use Clear Lockout to grant access 
before the intruder lockout period has elapsed. 


4 Click OK to put the authentication settings into effect. 


69.9 Configuring Monitor Agent Log Settings 


The Monitor Agent writes to two different types of log files: 
+ Event log files record error messages, status messages, and other types of event-related 
messages. 
* History log files record dumps of all MIB values gathered during each poll cycle. 


Log files can provide a wealth of information for resolving problems with Monitor Agent functioning 
or agent monitoring. 


1 On Windows, at the Monitor Agent server console, click Log > Log Settings. 


Log Settings xi 


Browse... | 


C:4gwmoi 
m Event Log Settings ———————~~~~~~~~~~~~ } Cancel | 
Maximum log file age: F4 Days Help | 


Maximum log disk space: [5120 KBytes 


History Lag Settings 


Maximum log file age: 7 Days 


Maximum log disk space: [5120 KBytes 


Or 


On Linux, at the Monitor Agent Web console, click Log > Log Settings. 


Log Settings 
Max Event Log Age: 7 

Max Event Log Size: 5120 

Max History Log Age: 7 

Max History Log Size: 5120 

Gateway Accounting Log Path: İvar/log/novell/groupwise/gwmon/acct 

Max Accounting Log Age: 7 

Max Accounting Log Size: 10240 


2 Fill in the fields: 
Log File Path: Specify the full path of the directory where the Monitor Agent writes its log files. 
The default log file location varies by platform. 


Linux: /var/log/novell/groupwise/monitor/logs 


Windows: c:\ProgramData\Novell\GroupWise Server\Monitor\logs 


Maximum Event Log File Age: Specify the number of days you want Monitor Agent event log 
files to remain on disk before being automatically deleted. The default event log file age is 30 
days. 
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Maximum Event Log Disk Space: Specify the maximum amount of disk space for all Monitor 
event log files. When the specified disk space is used, the Monitor Agent overwrites existing 
Monitor Agent event log files, starting with the oldest. The default is 102400 KB (100 MB) of disk 
space for all Monitor Agent event log files. 


Maximum History Log File Age: Specify the number of days you want Monitor Agent history 
log files to remain on disk before being automatically deleted. The default history log file age is 
30 days. 


Maximum History Log Disk Space: Specify the maximum amount of disk space for all Monitor 
history log files. When the specified disk space is used, the Monitor Agent overwrites existing 
Monitor Agent history log files, starting with the oldest. The default is 102400 KB (100 MB) of 
disk space for all Monitor Agent history log files. 


3 Click OK to put the new log settings into effect. 
4 To view existing event logs, click View > View Log Files. 


5 To view existing history log files, click Log > View History Files. 


Configuring Proxy Service Support for the Monitor Web 
Console 


The Monitor Web console provides links to the agent Web consoles. Although you can access the 

Monitor Web console from outside your firewall, by default you cannot access the agent Web 

consoles from outside your firewall. To enable the Monitor Web console to display the agent Web 

consoles from outside your firewall, you need to enable the Monitor Agent to support proxy service. 
1 Ina text editor, open the Monitor Application configuration file (gwmonitor.cfg) 


2 Locatethe following line: 
Provider.GWMP.Agent.Http.level=basic 
3 Change it to: 
Provider .GWMP . Agent .Http.level=full 


The basic setting restricts use of the Monitor Web console to within a firewall, while the full 
setting allows use of the Web console both inside and outside a firewall. A third setting, none, 
disables use of the Web console. 


4 Save and exit the Monitor Application configuration file. 
5 Start the Monitor Agent with the --proxy startup switch. 


For information about startup switches, see Chapter 73, “Using Monitor Agent Startup 
Switches,” on page 1003. 


Without proxy service support enabled, the Monitor Web console communicates directly with the 
GroupWise agent after it gets a GroupWise agent's address from the Monitor Agent. This process, 
however, does not work when communicating through a firewall. 


With proxy service support enabled, all communication is routed through the Monitor Agent and 
Monitor Application (on the Web server). As long as the Web server can be accessed through the 
firewall, the Monitor Web console can receive information about all GroupWise agents that the 
Monitor Agent knows about. 
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Monitoring Messenger Agents 


Monitor can be used to monitor Messenger agents as well as GroupWise agents. In fact, Monitor can 
be used independently to monitor Messenger Agents. If you start Monitor with no access to the 
GroupWise system, you are prompted for the information Monitor needs in order to start monitoring 
Messenger agents. 


x 
r GroupWise System 
(° GroupWise domain path | Browse. | 
de Cancel | 
© MTA with HTTP enabled Hee | 
Address [ 
Port 7100 


r GroupWise Messenger System 


Novell Messenger system object Browse... | 
Replica address 


(eg. xX. KK. xx. eux] 


Specify a username and password to access the directory 


User name [ Browse... 
Password [ 


To make this information a permanent part of your independent Messenger system, follow the 
instructions in “Using GroupWise Monitor” in “Managing the Messaging Agent” in the Novell 
Messenger 2.2 Administration Guide. 


If Monitor is already monitoring Group Wise agents, then it is easy to add Messenger agents. 


1 On Windows, at the Monitor Agent server console, click Configuration > Add Novell Messenger 
System. 


Add Novell Messenger System i E 


Novell Messenger System Object Browse... 
r Specify a username and password to access the directory Cancel 


User Name [ Browse... | Help 
Password [ 


r Specify how to access the directory 


x 


Use direct access 


Replica Address: 
(eg. xxx. maux KKK. max] 


Or 


On Linux, at the Monitor Agent Web console, click Preferences > Add Agents. 


Add a Novell Messenger System 
Novell Messenger System Object: 

User Name: 

Password: 


Replica Address: (eg. xxx.xxx.xxx.xxx): 
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2 Fillin the following fields in the GroupWise Monitor Startup dialog box or the Add Novell 
Messenger System dialog box: 


Novell Messenger System Object: Browse to and select the eDirectory container where you 
created the Messenger system. 


User Name: Browse to and select a User object that has sufficient rights to enable the Monitor 
Agent to access Messenger object properties in eDirectory. 


Password: Specify the network password associated with the User object. 
Replica Address: Specify the IP address of a server where an eDirectory replica is available. 
3 Click OK to add the Messenger Agent and the Archive Agent to the list of monitored agents. 


69.12 Supporting the GroupWise High Availability Service on 
Linux 


The GroupWise High Availability service, described in “Enabling the GroupWise High Availability 
Service for the Linux GroupWise Agents” in “Installing GroupWise Agents” in the GroupWise 2012 
Installation Guide, relies on the Monitor Agent to know when an agent has stopped and needs to be 
restarted. To enable communication between the Monitor Agent and the High Availability service, 
start the Monitor Agent with the --hauser and --hapassword startup switches, set to the user name 
and password of the Linux user you set up to represent the High Availability service on your Linux 
server. You can also use the --hapoll startup switch to control how often the Monitor Agent contacts 
the High Availability service with agent status information. The default is every 2 minutes. 


The GroupWise High Availability server does not reguire that the Monitor Application is installed. 
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Configuring the Monitor Application 


During installation, the GroupWise Monitor Application is set up with a default configuration. 


However, you can use the information in the following sections to optimize the Monitor Application 


configuration: 


+ Section 70.1, “Editing the gwmonitor.cfg File,” on page 969 

+ Section 70.2, “Setting the Timeout Interval for Inactive Sessions,” on page 969 

+ Section 70.3, “Adjusting Session Security,” on page 970 

+ Section 70.4, “Accommodating Single Sign-On Products,” on page 970 

+ Section 70.5, “Configuring Monitor Application Log Settings,” on page 971 

+ Section 70.6, “Putting the Monitor Configuration Changes into Effect,” on page 972 


Editing the gwmonitor.cfg File 


The location of the gwmonitor.cfg file varies by platform: 


Linux: /var/opt/novell/groupwise/monitor 


Windows: c:\Novell\GroupWise\monitor 


You can use any ASCII text edit that you prefer to edit the gwmonitor . cfg file. 


IMPORTANT: We strongly recommended that you do not modify any settings that are not 
documented in the following sections. 


Setting the Timeout Interval for Inactive Sessions 


By default, administrators are logged out of the Monitor Web console after 20 minutes if they have 
not performed any actions that generate requests. Actions such as polling agents for current status 
and running reports generate requests. Other actions, such as changing the view of existing 
information, and reading Help topics, do not generate requests. 


The timeout interval provides security for GroupWise administrators who forget to log out of the 
Monitor Web console. It also helps the performance of the Web server by freeing the resources 
dedicated to that administrator’s connection. 


To adjust the timeout interval: 


1 Open the gwmonitor.cfg file in a text editor. 


2 Search to find the following line: 


Security.timeout=20 
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3 Change the default of 20 to the number of minutes that you prefer for the timeout interval. 
4 Save the gwmonitor.cfg file. 


5 Skip to Section 70.6, “Putting the Monitor Configuration Changes into Effect,” on page 972. 


Adjusting Session Security 


By default, the Monitor Application uses the Web browser IP address of the Monitor user to confirm 
that, during the same session, it is always communicating with the same user. This is the highest form 
of security and works well for users on desktop workstations. However, for laptops and mobile 
devices that are carried to different places, possibly from one network segment to another, this level 
of security can cause interruptions in user sessions. 


Other Monitor Application security features such as session cookies provide excellent security, even 
without the IP address checking. If you have multiple GroupWise administrators who check 
GroupWise status from various locations, you can turn off the need for confirming the Web browser 
IP address to make the Monitor Web consoles more stable for these mobile administrators. 


To disable IP address checking: 


1 Open the gwmonitor.cfg file in a text editor. 


2 Search to find the following line: 
Security.UseClientIP.enable= 


3 Change true to false. 
4 Save the gwmonitor.cfg file. 


5 Skip to Section 70.6, “Putting the Monitor Configuration Changes into Effect,” on page 972. 


Accommodating Single Sign-On Products 


Some organizations choose to place a single sign-on product such as Novell Identity Manager (http:// 
www.novell.com/products/identitymanager) between users on the Web and the applications they 
access that are running behind the organization’s firewall. If you use a single sign-on product with 
GroupWise Monitor, you must configure the Monitor Application to accommodate the single sign-on 
product. 

1 Open the gwmonitor.cfg file in a text editor. 


2 Search to find the following line: 


#Cookie.domain=.novell.com 


3 Remove the pound sign (#) to activate the setting. 


4 Replace .novell.com with the part of your organization’s Internet domain name that is 
common between the single sign-on product and the Web server where the Monitor Application 
is installed. 


For example, if the IDM server is at idm. novell .comand the Monitor Application is at 
monitor.novell.com, the domain name used to create cookies would be .novell.com, so that 
the cookies are accepted by both servers. 


5 Save the gwmonitor.cfg file. 


6 Skip to Section 70.6, “Putting the Monitor Configuration Changes into Effect,” on page 972. 
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70.5.1 


70.5.2 


70.5.3 


Configuring Monitor Application Log Settings 


Error messages and other information about Monitor Application functioning are written to log files. 
Log files can provide a wealth of information for resolving problems with Monitor Application 
functioning. Logging is enabled by default. 

+ Section 70.5.1, “Locating Monitor Application Log Files,” on page 971 

+ Section 70.5.2, “Configuring Monitor Application Log Settings,” on page 971 

+ Section 70.5.3, “Viewing Monitor Application Log Files,” on page 971 


Locating Monitor Application Log Files 


The default location of the Monitor Application log files is the GroupWise Web application working 
directory. 


You can change the location where the Monitor Application creates its log files, as described in 
Configuring WebAccess Application Log Settings. 


Configuring Monitor Application Log Settings 


1 Open the gwmonitor.cfg file in a text editor. 
2 Search to find the Logging Information section. 
3 Adjust the following log settings as needed: 


Log.maxSize: Specify the maximum amount of disk space you want to use for Monitor 
Application log files. If the disk space limit is exceeded, the Monitor Application deletes log 
files, beginning with the oldest file, until the limit is no longer exceeded. The default disk space 
is 102400 KB (100 MB). 


Log.maxAge: Specify the number of days you want to retain the log files. The Monitor 
Application retains log files for the specified number of days unless the maximum disk space for 
the log files is exceeded. The default age is 30 days. 


Log.level: There are three log levels: 
+ Normal (default) Displays warnings and errors. 


+ Verbose: Displays the Normal log level information, plus information messages and user 
requests. 


+ Diagnostic: Displays all possible information. Use Diagnostic only if you are 
troubleshooting a problem with the Monitor Application. 


The Verbose and Diagnostic log levels do not degrade Monitor Application performance, 
but log files consume more disk space when Verbose or Diagnostic logging is in use. 


4 Save the gwmonitor.cfg file. 


5 Skip to Section 70.6, “Putting the Monitor Configuration Changes into Effect,” on page 972. 


Viewing Monitor Application Log Files 


For the default location of the Monitor log files, see Section 63.2.1, “Locating WebAccess Application 
Log Files,” on page 918. 


When logging is turned on, the Monitor Application creates a new log file each day and each time it 
is restarted (as part of the Web server startup). Therefore, you find multiple log files in the log file 
directory. The first four characters represent the date (mmdd). The next three characters identify the 
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Monitor Application (mon). A three-digit extension allows for multiple log files created on the same 
day. For example, a log file named 0518mon.001 indicates that it is a Monitor Application log file, 
created on May 18. 


Use your text editor of choice to view the Monitor Application log files. 


70.6 Putting the Monitor Configuration Changes into Effect 


+ Section 70.6.1, “Accepting the Default Time Interval,” on page 972 
+ Section 70.6.2, “Changing the Default Time Interval,” on page 972 
+ Section 70.6.3, “Immediately Putting the Configuration Changes into Effect,” on page 972 


70.6.1 Accepting the Default Time Interval 


By default, the Monitor Application checks the gwmonitor.cfg file for changes every 10 minutes. 
When it finds changes, it puts the changes into effect without restarting Tomcat. If you are satisfied to 
have your changes put into effect within this time interval, no action is reguired on your part after 
you edit the gwmonitor.cfg file. 


70.6.2 Changing the Default Time Interval 


You can change the time interval at which the Monitor Application checks the gwmonitor . cfg file for 
changes. 


1 Open the gwmonitor.cfg file in a text editor. 
2 Search to find the following line: 
Config.Update.check=10 


3 Change 10 to the number of minutes Monitor Application to wait before checking for changes to 
its configuration file 


4 Save the gwmonitor.cfg file. 


70.6.3 Immediately Putting the Configuration Changes into Effect 


You can manually restart Tomcat in order to immediately put the changes into effect. 
OES 11: rcnovell-tomcat6 stop 
rcnovell-tomcat6 start 


OES 2 Linux: rcnovell-tomcat5 stop 
rcnovell-tomcat5 start 


SLES 11: rctomcat6 stop 
rctomcat6 start 


SLES 10: rctomcat5 stop 
rctomcat5 start 


Windows: 1. At the Windows server, click Start > Administrative Tools > Services. 
2. Right-click Tomcat 6, then click Restart. 
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Using GroupWise Monitor 


For a review of the three Monitor Agent consoles, see Section 68, “Understanding the Monitor Agent 
Consoles,” on page 941. This section focuses on using the Windows Monitor Agent server console 
and the Monitor Agent Web console, although many of these tasks can also be performed at the 
Monitor Web console. 


The GroupWise Windows Monitor Agent server console displays GroupWise agent status on the 
server where the Monitor Agent runs. On Linux, similar information can be displayed at the Monitor 
Agent Web console. 

+ Section 71.1, “Using the Windows Monitor Agent Server Console,” on page 973 

+ Section 71.2, “Using the Monitor Web Console,” on page 977 

+ Section 71.3, “Generating Reports,” on page 979 

+ Section 714, “Measuring Agent Performance,” on page 989 

+ Section 71.5, “Collecting Gateway Accounting Data,” on page 992 

+ Section 71.6, “Assigning Responsibility for Specific Agents,” on page 998 

+ Section 71.7, “Searching for Agents,” on page 999 


Using the Windows Monitor Agent Server Console 


Initially, the Windows Monitor Agent server console lists all monitored GroupWise agents, along 
with their statuses. 


NOTE: On Windows, agents and agent groups are displayed at the Monitor Agent server console. 
On Linux, similar functionality is available at the Monitor Agent Web console. 


lolx) 


Configuration View Actions Reports Log Help 


| Status [ Status Duration [Name [Type [UpTime | Closed Links | Queued | Platform | 
Od2h6m Development.Provol POA Od6h54m Linux 
Od2h6m GWIA.Provol GWld = Od6h53m Linux 
Od2h6m GWIA.Provo2 Gwlé Od2h?m Windows 
Od2h6m Gwl. Provo3 Gwlä  Od2h44m Linux 
Od2h6m Provo1 MTA Od6h54m Linux 
Od2h6m Provo2 MTA Od2h8m Windows 
Od2h6m Provo3 MTA Od2h44m Linux 
Od2h6m Research.Provo3 POA Od2h44m Linux 
Od2h6m Sales.Provo2 POA Od2h7m ‘Windows 
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After you create agent groups, as described in Section 69.2, “Creating and Managing Agent Groups,” 
on page 949, the agents in each group are displayed when you select a group. 


}@ Groupwise Monitor Oe 
Configuration View Actions Reports Log Help 


E OES Agents [3] Odih5im  DevelopmentProvol POA  Od6h39m Linux 

@ SLES Agents [3] Odihõim  GWIA.Provol GWIA Od6h38m Linux 

Windows Agents [3] Odihõtm  GWlA.Provo? GWIA Od1h52m Windows 
Odih5im  GWIA.Provo3 GWIA Dd2h23m Linux 
Od1h51m Provo1 MTA Od6h39m Linux 
OdihSim Provo2 MTA Od1h53m Windows 
Odih5im Provo3 MTA Od2h29m Linux 
0d1h51m Research. Provo3 POA Od2h29m Linux 


OdihSim Sales.Provo2 POA Od1h52m Windows 


You can display many types of monitoring information at the Windows Monitor Agent server 
console. 


+ Section 71.1.1, “Viewing All Agents,” on page 974 

+ Section 71.1.2, “Viewing Problem Agents,” on page 975 

+ Section 71.1.3, “Viewing a Windows Agent Server Console,” on page 975 

+ Section 71.1.4, “Viewing an Agent Web Console,” on page 976 

+ Section 71.1.5, “Polling the Agents for Updated Status Information,” on page 977 


7111 Viewing All Agents 


After you have separated your agents into groups, you can still view all agents in your GroupWise 
system in a single list. 


1 On Windows, at the Monitor Agent server console, right-click the root agent group, then click 
Show Subgroup Agents. 


O croup Honiton T 


Configuration View Actions Reports Log Help 
| Status | Status Duration | Name | Type [UpTime | Closed Links | Queued | Platfom | 


DES Agents [3] YNomal Od1h5Stm  DevelopmentProvol POA  Od6h39m N/A N/A Linux 
SLES Agents [3] © Normal OdthStm GWIAProvol GWIA  Od6h38m N/A Linux 
© Windows Agents [3] | pp Normal Od1h5tm  GWIA.Provo2 GWIA = Od1h52m N/A Windows 
@ Nomal OdthStm  GWlä.Provo3 GWIA  Od2h29m N/A Linux 
YW Normal  Od1h51m Provo1 MTA Od6h39m Linux 
@ Normal Od1h51m Provo2 MTA Od1h53m Windows 
Odih5im Provo3 MTA Od2h29m Linux 
Odih5im Research.Provo3 POA Od2h29m Linux 
Odih5im Sales.Provo2 POA Od1h52m Windows 
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Or 


On Linux, at the Monitor Agent Web console, click the root agent group, then click Show 
Subgroup Agents. 


You can use the Show Subgroup Agents feature on any group that contains nested subgroups. 


Viewing Problem Agents 


In a single agent group or in a group with subgroups shown, you can filter the list to show only those 
agents whose status is not Normal. 


1 On Windows, at the Monitor Agent server console, click View > Problem Agents. 
lol x! 


Configuration View Actions Reports Log Help 


H- Corporate (0. 9] 


TTL TAL cc Platform 
(><) Not Listening OdOh1m GW 03 GWIA Unknown N/A 

G9 Not Listening OdOhOm Provo: MTA Unknown 0 Lux 
EÐ Not Listening OdOh1m Research.Provo3 POA Unknown N/A N/A 


[Next Poll: 285 seconds HTP: 8200 JAgents: 3 


Or 
On Linux, at the Monitor Agent Web console, click Problems. 


Only problem agents are now displayed. If you leave the Monitor Agent with only problem 
agents displayed, many groups might appear empty because all agents have a status of Normal. 


2 On Windows, to view all monitored agents again, click View > All Agents. 
Or 


On Linux, click System. 


Viewing a Windows Agent Server Console 


An active agent server console displays on each server where a Windows GroupWise agent is 


running. You can display a similar agent server console from the Windows Monitor Agent server 
console. 
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NOTE: This feature is not available on Linux. 


1 Right-click an agent, then click Agent Console. 


W Provo1 - GroupWise MTA (GroupWise Monitor) = Oj x} 
Eile Configuration 
Provol Normal Up Time: 15 Days 4 Hrs 13 Mins 
Status Statistics 
Total Closed Total = 10 Minutes 
Domains 3 0 Routed 364 0 
Post Offices 2 0 Undeliverable 0 0 
Gateways 2 0 Errors 0 0 


Count 
Provol 0 Domain Open 
Development 0 Post Office Open 
GWIA 0 Gateway Open 
Teaming 0 Post Office Open 
Provo2 0 Domain Open 


You cannot control the agent from the Monitor Agent as you can at the actual agent server console, 
but you can gather status information about the monitored agent. 


Viewing an Agent Web Console 


An agent Web console can be displayed anywhere you have access to a Web browser and the 
Internet. 


1 On Windows, at the Monitor Agent server console, right-click an agent, then click Agent Web 


Console. 


or 


On Linux, at the Monitor Agent server console, click the domain or post office link. 


GroupWise 2012 POA - Development.Provo1 


Status | Configuration | Environment | Log Files | Scheduled Events | MTP Status | Help 


GroupWise Post Office Agent 


2 Days 22 Hours 16 Minutes 
Total 
C/S Users 1 
Application Connections 2 
Physical Connections 0 
SOAP Sessions 0 
Priority Queues 0 
Normal Queues 0 
GWCheck Auto Queues 0 
GWCheck Scheduled Queues 0 


hread Status 


Total Busy 
C/S Handler Threads 10 0 
Message Worker Threads 6 0 
GWCheck Worker Threads 4 0 
SOAP Threads 3 0 
Calendar Publishing Threads 3 0 
Message Transfer Status Open 
Statistics 

Total 
C/S Requests 3682 
C/S Reguests Pending 0 
Users Timed Out 4 
SOAP Requests 21 
SOAP Pending Requests 0 
GWEvents 0 
Calendar Publishing Requests 8 
Rules Executed 0 
Users Delivered 0 
Message Files Processed 20 
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For information about the agent Web consoles, see the GroupWise agent documentation: 


+ Section 37.2, “Using the POA Web Console,” on page 539 
+ Section 43.2, “Using the MTA Web Console,” on page 669 
+ Section 49.2, “Using the DVA Web Console,” on page 725 
+ Section 56.2, “Using the GWIA Web Console,” on page 827 


Polling the Agents for Updated Status Information 


By default, the Monitor Agent polls the monitored agents every five minutes. You can change the 
default poll cycle, as described in Section 69.4, “Configuring Polling of Monitored Agents,” on 
page 956. The time remaining until the next poll cycle is displayed in the lower left corner of the 
Monitor Agent server console. 


You can also manually poll monitored agents. 
On Windows, at the Monitor Agent server console: 


+ To poll all agents, click Action > Poll All Agents. 
+ To poll a specific agent, right-click the agent, then click Poll Agent. 


¢ To stop polling a specific agent (for example, because the server it runs on is awaiting repairs), 
right-click the agent, then click Suspend Polling. You can specify a time interval for the agent to be 
suspended, after which polling resumes automatically. By suspending polling, you prevent 
repeat notifications for a problem that is already being addressed. 


The suspended agent’s status is listed as Suspended, accompanied by the same icon used for the 
Unknown status (2). 

¢ To restart regular polling of an agent for which polling was suspended, right-click the agent, 
then click Resume Polling. 


On Linux, at the Monitor Agent server console: 


* To poll all agents, select all agents, then click Poll. 
+ To poll a specific agent, select the agent, then click Poll. 


+ To stop polling a specific agent, select the agent, then click Suspend. You can specify a time 
interval for the agent to be suspended, after which polling resumes automatically. By 
suspending polling, you prevent repeat notifications for a problem that is already being 
addressed. 


The suspended agent’s status is listed as Suspended, accompanied by the same icon used for the 
Unknown status (2). 


¢ To restart regular polling of an agent for which polling was suspended, select the agent, then 
click Resume. 


Using the Monitor Web Console 


The Monitor Web console lists all GroupWise agents that the Monitor agent is polling for status 
information. Use the following URL to access the Monitor Web console: 


http://web server. address/gwmon/gwmonitor 
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where web. server. address represents the IP address or hostname of the Web server where the Monitor 
Application is installed. 


GroupWise, Monitor 


GATE (E Novell 
MK © Corporate Monitored agents for "Corporate" group 
(9) OES Agents Total: 9 Displayed: 1-9 
® SLES Agents Refresh [Hide Subgroup Agent |[ Problem ][ Suspend ][ Resume ][ move ][ Options |[ Thresholds ][ Help | 
a O Name Status Status Duration Up Time Type Version Platform 
[ Create | 9 Provo1 Normal Od1h54m Od6h39m MTA 12.0.0 (12/03/2011) Linux 
naene [1 ($ DevelopmentProvol Normal Od1h54m Od6h39m POA 12.0.0 (12/03/2011) Linux 
— O © GWAProvo1 Normal Od1h54m Od6h38m GWIA 12.0.0 (12/03/2011) Linux 
[Refresh | O © Provo Normal Od1h54m Od2h29m MTA 12.0.0 (12/03/2011) Linux 
eit L] © GWIAProvo3 Normal Od1h54m Od2h29m GWIA 12.0.0 (12/03/2011) Linux 
CO © Research.Provo3 Normal Od1h54m Od2h29m POA 12.0.0 (12/03/2011) Linux 
@) Provo2 Normal Od1h54m Od1h53m MTA 12.0.0 (12/3/2011) Windows 
oO 9) GWIAProvo2 Normal Od1h54m Od1h52m GWIA 12.0.0 (12-03-11) Windows 
© Sales Provo2 Normal Od1h54m Od1h52m POA 12.0.0 (12/3/2011) Windows 


Global features of the Monitor Web console are available on icon buttons at the top of the Monitor 
page. 


Icon Button Feature 


5) Problem 


ay Link Trace 
Ea Link Configuration 
p Global Options 


A States 


a Search 


Click the Problem icon button to display only agents in your Group Wise system whose status is other 
than Normal. Click the name of your Group Wise system to display all agents again. 


Click the status of an agent in the Status column to display agent status details. 


Click an agent in the Name column to open its agent Web console. For information about the agent 
Web consoles, see Section 71.1.4, “Viewing an Agent Web Console,” on page 976. 


Click an agent group in the left panel to display all monitored agents in the group. Click the Problem 
button above the agent list to display only those agents whose status is other than Normal in the agent 
group. The Problem button then changes to Monitored. Click the Monitored button to include working 
agents as well as problem agents in the list. 


Click Refresh to update the agent status information. To modify the default poll cycle, see Section 69.4, 
“Configuring Polling of Monitored Agents,” on page 956. 


To see what specific tasks can be performed at the Monitor Web console, see Chapter 72, “Comparing 
the Monitor Consoles,” on page 1001. 
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713 Generating Reports 


You can generate reports on demand at the Monitor Agent consoles to help you manage message 
flow throughout your GroupWise system. 

+ Section 71.3.1, “Link Trace Report,” on page 979 

+ Section 71.3.2, “Link Configuration Report,” on page 980 

+ Section 71.3.3, “Image Map Report,” on page 981 

+ Section 71.3.4, “Environment Report,” on page 986 

+ Section 71.3.5, “User Traffic Report,” on page 986 

+ Section 71.3.6, “Link Traffic Report,” on page 987 

+ Section 71.3.7, “Message Tracking Report,” on page 987 

+ Section 71.3.8, “Performance Testing Report,” on page 988 

+ Section 71.3.9, “Connected User Report,” on page 988 

+ Section 71.3.10, “Gateway Accounting Report,” on page 988 

+ Section 71.3.11, “Trends Report,” on page 988 

+ Section 71.3.12, “Down Time Report,” on page 989 


71.3.1 Link Trace Report 


A link trace report enables you to follow the path a message would take between two GroupWise 
domains. A link trace report includes a list of all the domains through which a message would need 
to pass, along with their current status, link type, address, and number of messages currently queued 
in each domain. If any domain along the link path is closed, an error message is displayed. 


If a message fails to arrive at its destination, this report can help you pinpoint its current location, so 
you can resolve the problem and get messages flowing smoothly again. 
1 On Windows, at the Monitor Agent server console, click Reports > Link Trace. 
or 
On Linux, at the Monitor Agent Web console, click Link Trace. 
2 Select a starting domain and a target domain. 


3 If you want to trace the path back, which is the route status messages will take, select Trace 
Return Path. 
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4 Click Trace. 


xi 
Starting Domain Target Domain 
Close | 
Provod Help | 


(7 Normal Provol Provo2 TCP/IP ibd-win 
(7 Normal Provo2 Provo4 TCP/IP ibd-oes 


If any domain in the pathis closed, an error message displays so you know where the problem is 
occurring. 


5 When you are finished tracing links, click Close. 


71.3.2 Link Configuration Report 


A link configuration report enables you to list the links from one or more GroupWise domains to all 
other domains in your GroupWise system. This helps you identify inefficient link paths, loops, and 
unreachable domains. All domains must be open to obtain an accurate link map of your GroupWise 
system. 

1 Make sure all domains in your GroupWise system are open. 


You cannot obtain an accurate link map of your GroupWise system if any domains are closed. 
For assistance with closed domains, see “Message Transfer Agent Problems” in GroupWise 2012 
Troubleshooting 2: Solutions to Common Problems. 


2 On Windows, at the Monitor Agent server console, click Reports > Link Configuration. 
or 
On Linux, at the Monitor Agent Web console, click Link Configuration. 

3 Select All Agents 
or 


Select Selected Agent and select a specific agent from the drop-down list. 
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4 Click Run. 


Link Configuration [x] 


@ All Agents 


© Selected Agent Provol X | Close | 


Provol Provo2, Provol 
Provo3 Provo2, Provo3 
Provod Provo2, Provod 
Provo2 Provo1, Provo2 
Provo3 Provo1, Provo3 


Provod Provo1, Provo2, Provod 
Provo2 Provo3 - Read Failed 
Provo2 Provo4 - Read Failed 


The list shows what domains a message would pass through to travel from the domain in the 
Source column to the domain in the Destination column. If a domain displays as closed, it means 
that the Monitor Agent could not contact the MTA for the domain or that a loop was detected in 
the link configuration. 


5 When you are finished checking links, click Close. 


71.3.3 Image Map Report 


An image map enables you to create a visual picture of your GroupWise system, whether it resides in 
a single office building or spans the globe. You provide the maps; Monitor provides the up-to-the- 
minute status information at a glance. 

* “Making Maps Available in Monitor” on page 981 

+ “Setting Up Maps” on page 982 

+ “Setting Up Regions” on page 983 

+ “Adding Agents to a Map” on page 984 

+ “Using an Image Map to Monitor Agents” on page 985 


NOTE: The image map report cannot be generated at the Windows Monitor Agent server console. 
You must use the Monitor Agent Web console. 


Making Maps Available in Monitor 


1 Obtain useful maps from the Internet or another location. 


You can use maps that vary in detail. For example, you could have one map the focuses on a 
particular corporate office building, another that shows offices throughout your country, and 
another that shows offices throughout the world. You can select from images in PNG and JPG 
format. 


2 Copy the maps you want to use into the maps subdirectory of the monwork directory. 


Using GroupWise Monitor 981 


The default location of the monwork directory varies by platform. 


Linux: /tmp/gwmon/monwork/maps 
Windows: c:\ProgramData\Novell\GroupWise Server\Monitor\monwork\maps 


You can change the location using the --monwork startup switch. For more information, see 
Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003 


3 Continue with Setting Up Maps. 


Setting Up Maps 
1 Atthe Monitor Agent Web console, click Map. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


View Edit || Delete || New 


Initially, no maps are available in Monitor. 


2 Click New to display all the maps that are available in the maps directory. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Select map to use in image map 


euoutl.pne earthtruec nasa_bie.jpe 


The file name of each map is displayed below it. 


3 Click the map that you want to set up, specify a custom name for the map, then click Create. 


Select an agent or map Provoi =) Remove | Done 


C£ek on the map to place the agent Line color [Red = 


This makes the map available for use in Monitor. 
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4 Tosetup additional maps for use in Monitor, click Done to return to the Image Map Selection 
menu, then repeat Step 2 and Step 3 for each map that is available in the maps directory to make 
it available in Monitor. 


5 If you want to make one or more smaller-scale maps available from a large-scale map, continue 
with “Setting Up Regions” on page 983. 
Or 


If your maps are all independent from each other, skip to “Adding Agents to a Map” on 
page 984. 


Setting Up Regions 


If some of your maps are subsets of other maps, you can set up a large-scale map so that it links to 
one or more smaller-scale maps. For example, a map of the world could have a region for each 
continent or country, or a map of a city or country could have a region for each office where 
GroupWise domains or post offices are located. 


1 Set up at least two maps in Monitor, as described in “Making Maps Available in Monitor” on 
page 981. 


2 At the Monitor Agent Web console, click Map to display the maps that are available in Monitor. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Europe 


The custom name of each map is displayed below it. 
3 Click Edit, then click a large-scale map. 


4 In the drop-down list, scroll down through the agents, click the smaller-scale map that you want 
to define as a region, then click on the large-scale map to refresh the view. 


5 Click points on the map to surround the region. 


6 Click Done to define the region. 
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984 


With a very wide map, you need to scroll horizontally to display the Done button. 


The region appears labeled on the large-scale map. 


7 To define more regions on the large-scale map, click Done to return to the available maps, then 
repeat Step 3 through Step 6 for each region. 


or 


To place agents on a map, continue with Adding Agents to a Map. 


Adding Agents to a Map 
1 At the Monitor Agent Web console, click Map to display the maps that are available in Monitor. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Europe 


The custom name of each map is displayed below it. 
2 Click Edit, then click the map where you want to add agents. 
3 Select an agent in the drop-down list, then click the place on the map where that agent is located. 


The agent name appears in a blue box. 
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4 Select additional agents and locations as needed. 


Select an agent or map Sales.Provo2 v| Remove Done 
Click on the map to place the agent Line color: | Red E 


5 Inthe Line Color drop-down list, select the color to use to show links between locations. 


Make sure you select a color that shows up well on the particular map. Lines display on the map 
only when links between locations are down. 


6 Click Done when the map includes all the needed GroupWise agents in their respective 
locations. 


7 Continue with Using an Image Map to Monitor Agents. 


Using an Image Map to Monitor Agents 


1 At the Monitor Agent Web console, click Map > View. 
2 Click a map to view agent status. 
or 


If the map has regions, click a region to display the map that has agent status for that region. 


At this point, the Monitor Agent checks the status of each agent on the map. Any agent that is 
down or that has a status of Major, Critical, or Warning displays in red on the map. Agents with a 
lower status do not display on the map. If a link between agents is down, a line displays between 
the agents. 
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71.3.4 


71.3.5 


Environment Report 


An environment report lists all monitored agents, along with each agent's location, version, IP 
address, port number, and operating system information. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > Environment. 


Ix 


| Agent Type | Agent Version | Agent Address OS Version 


Development.Provol POA 12.0.0 (12/03/2011) 


17215517 1677 Linux 
GWIA.Provol GWIA 12.0.0 (12/03/2011) 17215517 3850 Linux Release 2.6. Send | 
GWIA.Provo2 GWIA 12.0.0 (12-03-11) 17215519 3850 Windows (TM) Vel 
GWIA.Provo3 GWIA 12.0.0 (12/03/2011) 17215518 3850 Linux Release 2.6. Save | 
Provol MTA 12.0.0 (12/03/2011) 17215517 7100 Linux 
Provo2 MTA 12.0.0 (12/3/2011) 17215519 7100 Windows (TM) Vet Help | 
Provo3 MTA 12.0.0 (12/03/2011) 17215518 7100 Linux 
Research Provo3 POA 12.0.0 (12/03/2011) 17215518 1677 Linux 


Sales.Provo2 POA 12.0.0 (12/3/2011) 17215519 1677 Windows (TM) Ver 


2 Scroll through the displayed information for your own use. 
or 


Click Send, type your email address, type one or more email addresses to send the environment 
report to, then click Send. 


3 Click OK to close the Environment Report dialog box. 


User Traffic Report 


A user traffic report enables you to determine how many messages a user has sent outside his or her 
post office. The user traffic report lists all messages sent by a specified user during a specified date/ 
time range, along with date, time, and size information for each message. You can also generate a 
user traffic report for all users whose messages pass through a selected domain. 


In order for the information to be available to generate a user traffic report, you must configure the 
MTA to perform message logging. See Section 42.4.2, “Enabling MTA Message Logging,” on 
page 657. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > User Traffic. 

2 Select the user’s domain or the domain you want to generate a user traffic report for. 

3 Type the GroupWise user ID that you want to create a report for. 
or 
Leave the field blank to create a report for all users whose messages pass through the selected 
domain. 

4 If you want to restrict the report to a particular time interval, specify start and end dates and 
times. 

5 Click Run. 


6 After the results are displayed, click Save, provide a file name for the report, select the format for 
the report, then click OK. 
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71.3.6 


71.3.7 


Reports can be saved in comma-separated or tab-separated format to meet the needs of the 
program you plan to use to display and print the report. For example, you could bring the data 
into a spreadsheet program. If needed, you can include column headings to create an initial line 
in the output file that labels the contents of each column. 


7 When you are finished generating user traffic reports, click Close. 


Link Traffic Report 


A link traffic report enables you to determine how many messages are passing from a selected 
GroupWise domain across a specified link. The link traffic report lists the total number and total size 
of all messages passing through the link during each hour or half hour of operation. 


In order for the information to be available to generate a link traffic report, you must configure the 
MTA to perform message logging. See Section 42.4.2, “Enabling MTA Message Logging,” on 
page 657. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > Link Traffic. 
2 Select the source domain of the link. 


The list includes all domains that the Monitor Agent uses XML to communicate with. If the 
Monitor Agent must use SNMP to communicate with a domain, that domain is not included in 
the list. 


3 Select the other end of the link, which could be another domain, a post office, or a gateway. 


4 If you want to restrict the report to a particular time interval, specify start and end dates and 
times. 


5 Click Run. 


6 After the results are displayed, click Save, provide a file name for the report, select the format for 
the report, then click OK. 


Reports can be saved in comma-separated or tab-separated format to meet the needs of the 
program you plan to use to display and print the report. For example, you could bring the data 
into a spreadsheet program. If needed, you can include column headings to create an initial line 
in the output file that labels the contents of each column. 


7 When you are finished generating link traffic reports, click Close. 


Message Tracking Report 


A message tracking report enables you to track an individual message through your GroupWise 
system. The message tracking report provides information about when a message was sent, what 
queues the message has passed through, and how long it spent in each message queue. If the 
message has not been delivered, the message tracking report shows where it is. 


In order for the information to be available to generate a message tracking report, you must configure 
the MTAs in your GroupWise system to perform message logging. See Section 42.4.2, “Enabling MTA 
Message Logging,” on page 657. 


In addition, you need to determine the message ID of the message. Have the sender check the Sent 
Item Advanced Properties of the message in the GroupWise client. The Message Id field displays the 
message ID of the message; for example, 3AD5EDEB.31D : 3 : 12763. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > Message Tracking. 
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2 Typethe message ID of the message to track. 


You can obtain the message file ID in the GroupWise client. Open the Sent Items folder, right- 
click the message, click Properties, then click the Style drop-down list and click Advanced 
Properties. The Message Id field displays the message file ID; for example, 3A75BAB9.FF1 :8: 
31642. 


3 Selectthe domain where you want to start tracking. 
4 Click Track. 


5 When you are finished generating message tracking reports, click Close. 


71.3.8 Performance Testing Report 


A performance testing report enables you to measure how long it takes messages to travel through 
your GroupWise system. The performance testing report lists each domain that a performance test 
message was sent to, when it was sent by the Monitor Agent, and the number of seconds between 
when it was sent and when the Monitor Agent received a response from the tested agent. 


In order run a performance testing report, you must configure the Monitor Agent for performance 
testing. See Section 71.4, “Measuring Agent Performance,” on page 989. 


71.3.9 Connected User Report 


The Connected Users report lists all users that are currently connected to POAs throughout your 
GroupWise system. It lists user name; client version, date, and platform; login time; and the IP 
address of the client user. 


At the Monitor Agent Web console: 


1 Click Reports > Connected Users. 


NOTE: The Connected Users report cannot be generated at the Windows Monitor Agent server 
console or the Monitor Web console. 


71.3.10 Gateway Accounting Report 


The Gateway Accounting report shows traffic through a gateway. For example, you can use a 
Gateway Accounting report to track traffic to and from the Internet through a GWIA. 


In order to run a Gateway Accounting report, you must configure the Monitor Agent to collect 
gateway accounting data. See Section 71.5, “Collecting Gateway Accounting Data,” on page 992. 


713.11 Trends Report 


988 


The Trends report presents graphs of agent MIB variables as sampled over time. Graphs are 
generated based on data gathered from Monitor Agent log files. The quality of the graphs depends 
on the quantity of data that has been gathered when the graph is generated. 


In the Monitor Agent Web console: 


1 Click Reports > Trends. 


NOTE: The Trends report cannot be generated at the Windows Monitor Agent server console. 


2 Click the type of agent for which you want to set up a Trend report. 
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3 Specify a unigue name for the Trend report. 

4 Selectthe MIB variables that you want to collect values for over time, then click Add Trend. 
The Trend report appears in the Agent Trends list. 

5 Clickthe Trend report to view the graphs. 


713.12 Down Time Report 


The Down Time report graphically illustrates how much time each GroupWise agent has been down 
during the day. 


In the Monitor Agent Web console: 


1 Click Reports > Down Time. 


NOTE: The Down Time report cannot be generated at the Windows Monitor Agent server 
console. 


714 Measuring Agent Performance 


To test the performance of the agents in your GroupWise system, you can send performance test 
messages from a specially configured Monitor domain to target domains anywhere in your 
GroupWise system. The Monitor Agent measures the amount of time it takes for replies to return 
from the target domains, which lets you ascertain the speed at which messages flow through your 
GroupWise system. 

+ Section 71.4.1, “Setting Up an External Monitor Domain,” on page 989 

+ Section 71.4.2, “Configuring the Link for the External Monitor Domain,” on page 990 

+ Section 71.4.3, “Configuring the Monitor Agent for Agent Performance Testing,” on page 991 

+ Section 71.4.4, “Viewing Agent Performance Data,” on page 992 

+ Section 71.4.5, “Viewing an Agent Performance Report,” on page 992 


+ Section 71.4.6, “Receiving Notification of Agent Performance Problems,” on page 992 


7141 Setting Up an External Monitor Domain 


Before you can use the Group Wise Performance Testing feature to configure and enable GroupWise 
performance testing, you must create a specially configured Monitor domain and select an MTA to 
receive performance test messages from the Monitor Agent. The Monitor Agent uses an external 
GroupWise domain as part of measuring GroupWise agent performance. 


By creating an external domain, you enable the Monitor Agent to approximate the round-trip time 
for email messages to travel to recipients and for status messages to travel back to senders. If you also 
plan to set up gateway accounting reports, as described in Section 71.5, “Collecting Gateway 
Accounting Data,” on page 992, you can use this same external domain for collecting accounting 
data. 


In ConsoleOne: 


1 Connectto a domain where the MTA will communicate with the Monitor Agent for the purpose 
of sending accounting data to the Monitor Agent. 
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2 Create an external GroupWise domain. 


x 
ee 


| 
Cancel 


Domain Database Location (optional): 
Li Help 


Time Zone: 


{GMT-07:00) Mountain Time (US & Canada) M 
Version: 

12 e; | 
Link To Domain: 

Provol se 


F Create another domain 


For information about external GroupWise domains, see “Creating an External Domain” in 
“Connecting to Other GroupWise Systems” in the GroupWise 2012 Multi-System Administration 
Guide. 


3 Namethe external domain to reflect its role in your GroupWise system. 
For example, you could name it ExternalMonitorDomain. 


4 Continue with Configuring the Link for the External Monitor Domain. 


71.4.2 Configuring the Link for the External Monitor Domain 


The Monitor Agent needs to send its performance testing messages to a specific MTA in your 
GroupWise system. It does not matter which MTA you decide to use. It could be the MTA for the 
domain to which the external Monitor domain is linked. 


In ConsoleOne: 


1 Click Tools > GroupWise Utilities > Link Configuration. 


2 Inthe Outbound Links From box, double-click the domain whose MTA you want the Monitor 
Agent to communicate with. 


3 Configure the outbound link from the selected MTA to the external Monitor domain to be a 


TCP/IP link. 

Edit Domain Link xj 
Description: How Provo2 connects to MonitorAccountingDomain OK | 
Link Type: [Direct X es | 

Settings ~~~ SSS Help | 


Protocol: freee =] 
IP Address; [..... 2] Scheduling... | 


I Override 


Maximum send message size: [ 0 = MBytes 
Delay message size: [ 0 E MBytes 


SI External Link Info... | 


3a Clickthe pencil icon to provide the IP address of the server where the Monitor Agent runs. 
3b Specify a unique port number for the MTA to use to communicate with the Monitor Agent. 
3c Click OK. 

4 Click OK to save your changes to the link. 
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5 Exit the Link Configuration Tool to save the new link configuration information. 


6 Continue with Configuring the Monitor Agent for Agent Performance Testing. 


71.4.3 Configuring the Monitor Agent for Agent Performance Testing 


After you have created an external Monitor domain and configured a link from it to an MTA, you are 
ready to configure the Monitor Agent for performance testing. 


1 On Windows, at the Monitor Agent server console, click Configuration > Performance Testing. 


GroupWise Performance Testing E x| 
Send performance messages every 5 = minutes Cancel 
T Enable GroupWise Performance Testing Help 


Send performance messages to | 
C All Agents 


Domain to send messages to 


| 


@ Monitored Agents 


or 


On Linux, at the Monitor Agent Web console, click Preferences > Setup, then scroll down to the 
Performance Testing section. 


Performance Testing 
Domain to send messages to ExternalMonitorDomain M 
Ninutes between messages: 5 


Enable GroupWise Performance Testing 
All Agents 
@) Monitored Agents 


Send performance messages to: 


2 Fillin the fields: 


Domain to send messages to: Select the external Monitor domain that you configured for 
system performance testing. 


You might need to restart the Monitor Agent in order to see the new Monitor domain in the 
drop-down list. 


Send performance messages every: Specify in minutes the time interval for the Monitor Agent 
to send performance test messages. 


Enable GroupWise Performance Testing: Select this option to turn on performance testing. 
Deselect this option when you have finished your performance testing. 


Send performance messages to: Select All Agents to send performance test messages to all 
domains in your GroupWise system. Select Monitored Agents to send performance test messages 
only to the agents currently listed at the Monitor Agent console. 


3 Click OK to put the performance testing settings into effect. 
4 Continue with Section 71.4.4, “Viewing Agent Performance Data,” on page 992. 
or 


Continue with Section 71.4.6, “Receiving Notification of Agent Performance Problems,” on 
page 992. 
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71.4.4 


71.4.5 


71.4.6 


71.5 


Viewing Agent Performance Data 


The information gathered by the Monitor Agent through performance test messages is recorded in 
the Monitor history log. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Log > View History Files. 
2 Select a history log file, then click View. 


Viewing an Agent Performance Report 


A performance testing report enables you to measure how long it takes messages to travel through 
your GroupWise system. The performance testing report lists each domain that a performance test 
message was sent to, when it was sent by the Monitor Agent, and the number of seconds between 
when it was sent and when the Monitor Agent received a response from the tested agent. 


At the Windows Monitor Agent server console or the Monitor Agent Web console: 


1 Click Reports > Performance Testing. 


2 Select All Domains to generate a performance testing report for all domains in your GroupWise 
system. 


or 
Select one domain to generate a performance testing report for it. 


3 Click Run to generate the performance testing report. 


Receiving Notification of Agent Performance Problems 


If you want the Monitor Agent to notify you if system performance drops to an unacceptable level, 
you can create a threshold to check the mtaLastResponseTime and mtaAvgResponseTime MIB 
variables. The average response time is a daily average that is reset at midnight. See Section 69.5.2, 
“Customizing Notification Thresholds,” on page 959 for setup instructions. 


Collecting Gateway Accounting Data 


In order to run a Gateway Accounting report in Monitor, you must configure your GroupWise 
system to collect accounting files. The Internet Agent can be configured to generate accounting files, 
as described in Section 54.3, “Tracking Internet Traffic with Accounting Data,” on page 805. Then, the 
accounting files are collected and sent to the Monitor Agent for processing to create the Gateway 
Accounting report. 

+ Section 71.5.1, “Setting Up an External Monitor Domain,” on page 993 

+ Section 71.5.2, “Configuring the Link for the External Monitor Domain,” on page 993 


+ Section 71.5.3, “Configuring the Monitor Agent to Communicate through the External Monitor 
Domain,” on page 994 


+ Section 71.5.4, “Setting Up an External Post Office and External User for the Monitor Agent,” on 
page 995 


¢ Section 71.5.5, “Designating a Gateway Accountant,” on page 995 
+ Section 71.5.6, “Receiving and Forwarding the Accounting Files,” on page 996 


+ Section 71.5.7, “Viewing the Gateway Accounting Report,” on page 997 
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71.5.1 


71.5.2 


Setting Up an External Monitor Domain 


In order to collect accounting data, you must create a specially configured Monitor domain and select 
an MTA to send accounting files through it to the Monitor Agent. The Monitor Agent needs the 
external domain to house an external post office where there is an external user that receives the 
accounting files from the Internet Agent. 


If you are already using the GroupWise Performance Testing feature, as described in Section 71.4, 
“Measuring Agent Performance,” on page 989, you can use the same external domain and MTA for 
gathering accounting data. Skip to Section 71.5.4, “Setting Up an External Post Office and External 
User for the Monitor Agent,” on page 995. 


In ConsoleOne: 


1 Connect to a domain whose MTA will communicate with the Monitor Agent for the purpose of 
gathering accounting data. 


2 Create an external GroupWise domain. 


J 
Domain name: 


TO 
Domain Database Location (optional): Cancel 
Es 
Time Zone: 

(GMT-07:00) Mountain Time (US & Canada) + 


Version: 

12 k2 | 
Link To Domain: 

Provol Sa 


F Create another domain 


For background information about external GroupWise domains, see “Creating an External 
Domain” in “Connecting to Other GroupWise Systems” in the GroupWise 2012 Multi-System 
Administration Guide. 


3 Name the external domain to reflect its role in your GroupWise system. 
For example, you could name it ExternalMonitorDomain. 


4 Link the external domain to the existing domain whose MTA will communicate with the 
Monitor Agent. 


5 Continue with Configuring the Link for the External Monitor Domain. 


Configuring the Link for the External Monitor Domain 


The Monitor Agent needs to receive accounting data from a specific MTA in your GroupWise system. 
It can be the MTA for the domain to which the external Monitor domain is linked. 


In ConsoleOne: 


1 Click Tools > GroupWise Utilities > Link Configuration. 


2 Inthe Outbound Links From box, double-click the external Monitor domain. 
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3 Configure the outbound link to the external Monitor domain to be a TCP/IP link: 


x 
Description: How Provo2 connects to MonitorAccountingDomain OK | 
Link Type: [oret =] Cancel | 

r Settings Help | 


Protocol: TCP/IP x] 
Padres: [. aaa 2| Scheduling... | 


T Override 


Maximum send message size: [ 0 = MBytes 
Delay message size: [ 0 = MBytes 


3 External Link Info... | 


ga Click the pencil icon to provide the IP address or DNS hostname of the server where the 
Monitor Agent runs. 

3b Specify a unigue port number for the Monitor Agent to use to communicate with the MTA 
in the domain to which the external Monitor domain is linked. 


For example, you could use 7103. 
3c Click OK. 
4 Click OK to save your change to the link. 
5 Exit the Link Configuration Tool to save the new link configuration information. 


6 Continue with Configuring the Monitor Agent to Communicate through the External Monitor 
Domain. 


715.3 Configuring the Monitor Agent to Communicate through the External 
Monitor Domain 


In the Monitor Agent Web console 


1 Click Preferences, then scroll down to the MTP Settings section. 


MTP Settings 


Domain name for GroupWise Monitor >| 
TCP/IP listen port for Monitor: (0 


2 Selectthe external Monitor domain in the drop-down list. 

3 Specify the same port number that you specified in Step 3b in Section 71.5.2, “Configuring the 
Link for the External Monitor Domain,” on page 993. 

4 Click Submit. 


At the server console or Web console for the MTA in the domain that the external Monitor 
domain links to, verify that the link to the external Monitor domain is open. 


6 Continue with Setting Up an External Post Office and External User for the Monitor Agent. 


01 
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71.5.4 Setting Up an External Post Office and External User for the Monitor 
Agent 


Now that you have set up the link for the accounting data to flow through, you need to create an 
external user to receive the accounting files. 


In ConsoleOne: 


1 Create an external post office: 


la Right-click the External Domain object that you created in Section 71.5.1, “Setting Up an 
External Monitor Domain,” on page 993, then click New External Post Office. 


Create External GroupWise Post Office i x| 
Post office name: 
l 
Time Zone: Cane | 
(GMT-07:00) Mountain Time (US 8 Canada) M Help | 


T Create another post office 


1b Name the external post office to reflect its role, such as ExternalMonitorPO. 
1c Click OK. 
2 Create an external user: 


2a Right-click the External Post Office object, then click New > External User. 


Create GroupWise External User x| 
User Name: [+ | 
Cancel | 

P Create another external user 


Help | 


2b Name the external user to reflect its role, such as ExternalMonitorUser. 
2c Click OK. 


3 Continue with Designating a Gateway Accountant. 


71.5.5 Designating a Gateway Accountant 


As messages flow through a gateway such as the GWIA, the gateway logs the traffic and sends the 
accounting records to the gateway accountant once each day. For background information, see 
Section 54.3, “Tracking Internet Traffic with Accounting Data,” on page 805. 


If you already have an accountant designated for each GWIA where you want to run accounting 
reports, skip to Section 71.5.6, “Receiving and Forwarding the Accounting Files,” on page 996. 


Using GroupWise Monitor 995 


In ConsoleOne: 
1 Right-click the GWIA object, then click Properties. 
2 Click GroupWise > Gateway Administrators. 
x 


LDAP | POP31M4P4 | Server Directories | Access Control + | Reattach | Post Office Links | GroupWise vi 
| Gateway Administrators 


jisumi. Research.Provo3 
mpalu.Development.Provo1 


Add Delete | 


Administrator Role 
T Operator 
IV Accountant 
TF Postmaster 
T Foreign Operator 


Page Options... | 


3 Select a user to receive the gateway files. 

Use yourself at this point for testing purposes. 
4 Select Accountant. 
5 Click OK. 


6 Continue with Receiving and Forwarding the Accounting Files. 


71.5.6 Receiving and Forwarding the Accounting Files 


Each GWIA sends the accounting files to the accountant. The accountant then must forward the 
accounting files to the external Monitor user. 


In the GroupWise client: 
1 Create anew rule to forward all accounting messages to the external Monitor user in the external 
Monitor post office. 
A typical subject line for an accounting message is Agent Accounting Data File. 


2 In order to establish the link for the first time, restart the Monitor Agent and the MTA for the 
domain that the external Monitor domain is linked to. 


3 Verify that the accounting log files are being received by the Monitor Agent: 
3a At the Monitor Agent Web console, click Log > Gateway Accounting Logs. 
3b Select the GWIA, then click View Accounting Logs. 


If files are listed, then accounting data is successfully arriving to the Monitor Agent. The 
Monitor Agent uses the accounting log files to generate Gateway Accounting reports. 
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The accounting log files on stored on the server where the Monitor Agent is running. The 
default location varies by platform. 


Linux: /var/log/novell/groupwise/gwmon/acct 


Windows: c:\ProgramData\Novell\GroupWise Server\Monitor\acct 


71.5.7 Viewing the Gateway Accounting Report 


After accounting log files are being successfully sent to the Monitor Agent for processing, you can 
view the Gateway Accounting report in your Web browser. 


1 Atthe Monitor Agent Web console, click Reports > Gateway Accounting. 


NOTE: The Gateway Accounting report cannot be generated at the Windows Monitor Agent 
server console. 


2 Select the GWIA for which you want to view accounting reports, then click View Accounting 
Reports. 


The initial report lists all users who have sent and received messages through the GWIA. It lists 
the number of messages, the size of the messages, and the number of attachments. You can sort 
the list by any column heading. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Environment | User Traffic | Link Traffic | Message Tracking | Performance Testing | Connected Users | Gateway Accounting | Trends | Down Time 


GWIA.Provoi Jul 12 - Jul 12 


View Domains 


Inbound Outbound Total 
Name Message: Size Attachments Messages Size Attachments Message: Size Attachments 
isumi 15 108420 15 9 18909 3 24 127329 18 
meslu 3 21855 3 o 0 0 3 21855 3 


3 Inthe Users list, click a user to list all messages sent to and from the user. 


4 Inthe list of messages, click a message ID to run a Message Tracking report for that message, as 
described in Section 71.3.7, “Message Tracking Report,” on page 987. 


5 Inthe Users list, click View Domains to list the Internet domains associated with the GWIA. 


6 Inthe list of domains, click an Internet domain to list all messages sent and received through 
that Internet domain. 
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71.6 Assigning Responsibility for Specific Agents 


If multiple GroupWise administrators manage the agents throughout your GroupWise system, you 
can assign a contact for each agent. Or, in a help desk environment, a person can be assigned to an 
agent when a problem occurs. The person assigned to the agent can record notes about the 
functioning of the agent, which are then available to other administrators. 


1 On Windows, at the Monitor Agent server console, right-click an agent in the agent status 
window, then click Agent Details. 


SK x 
Name Development.Provol OK 
lll [ x | 
Address  jbd.provonovellcom Cancel | 
Port 1677 
State Normal MIB Values | 
Poll Type XML Help | 
Thresholds 
Suggestions 


Assigned to 


Notes A 


or 


On Linux, at the Monitor Agent Web console, click the agent status link. 


Status | Preferences | Link Trace | Link Configuration | Reports | Log | Map 


Name Provo1 
Type MTA 
Address 137.65.67.217:7100 
Poll Type XML 
State Normal 
Assigned 
Notes 
Update 
mtalndex 0 
mtaDomainName Provo1 


mtaTotalDomains 7 


2 Inthe Assigned To field, type the name of the GroupWise administrator who is responsible for 
this agent. 


The name is displayed to the right of the agent status in the status window of the Monitor Agent 
console and the Monitor Web console. 
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3 Inthe Notes field, type any comments you might have about the agent. 


If a problem with the agent occurs, the Thresholds field and the Suggestions field display helpful 
information about the problem if you have set up customized thresholds, as described in 
Section 69.5.2, “Customizing Notification Thresholds,” on page 959. 


4 Click OK to save the information about who is assigned to the agent. 


Searching for Agents 


If you monitor a large number of agents, the list displayed in the Monitor Web console can become 
very long. You can easily search for an individual agent or for a group of related agents. 


At the Monitor Web console: 


1 Click the Search icon. 


GroupWise» Monitor 


Search 0) zal FE A 


~ 9° corporate Agent Search 
Ə OES Agents 
% SLES Agents Agent Name: | 


® Windows Agents 


Agent View. (Problem Agents OMonitored Agents OAI Agents 


Create ~ m = — 

= Agent Type: [Jura poa ewa Clwesacc LIPAGER 

[aa async [lapi FAX Oras GATEWAY 
= X400 x25 EXCHANGE Other 
Refresh 

Car ] sette EI 


NOTE: The Search feature is not available in the Windows Monitor Agent server console or the 
Monitor Agent Web console. 
2 Typethe name of an agent. 
Or 
Select Problems to list all agents whose status is other than Normal. 
Or 
Select one or more types of agent to list. 
3 Select the number of instances you want listed at one time. 
4 Click Search. 


The results display on the Search page with the same functionality as is available on the regular 
Monitor Web console pages. 
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Comparing the Monitor Consoles 


Many aspects of agent monitoring are available in one or more of the Monitor Agent consoles. The 
table below summarizes agent monitoring features and where they are available. 


Task Windows Monitor Monitor Agent Web Monitor Web 
Agent Server Console Console 
Console 
Selecting Agents to Monitor Yes Yes No 
Creating and Managing Agent Groups Yes Yes Yes 
Viewing All Agents Yes Yes Yes if not in 
groups 
Viewing Problem Agents Yes Yes Yes 
Viewing a Windows Agent Server Console Yes No No 
Viewing an Agent Web Console Yes Yes Yes 
Searching for Agents No No Yes 
Assigning Responsibility for Specific Agents Yes Yes Yes 
Configuring the Monitor Agent for HTTP Yes Yes Yes 
Configuring the Monitor Agent for SNMP Yes Yes Yes 
Configuring Polling of Monitored Agents Yes Yes Yes 
Configuring Email Notification for Agent Yes Yes Yes 
Problems 
Configuring Audible Notification for Agent Yes No No 
Problems 
Configuring SNMP Trap Notification for Agent Yes Yes Yes 
Problems 
Configuring Authentication and Intruder Lockout Yes Authentication: Yes No 
for the Monitor Web Console Intruder Lockout: No 
Configuring Monitor Agent Log Settings Yes Yes Yes 
Monitoring Messenger Agents Yes Yes Yes 
Generating Reports Yes Yes Yes 
Link Trace Report Yes Yes Yes 
Link Configuration Report Yes Yes Yes 
Image Map Report No Yes No 
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Environment Report 

User Traffic Report 

Link Traffic Report 

Message Tracking Report 
Performance Testing Report 
Connected User Report 
Gateway Accounting Report 
Trends Report 


Down Time Report 
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Yes 


Yes 


Yes 


Yes 


Yes 


No 


No 


No 


No 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


Yes 


No 


No 


No 


No 


No 


No 


No 


No 


No 


Using Monitor Agent Startup Switches 


GroupWise Monitor Agent startup switches must be used on the command line when you start the 
Monitor Agent, orina script or batchfile created to start the Monitor Agent. The Monitor Agent does 
not have a startup file for switches. 


Linux: 


Windows: 


If you start the Monitor Agent by running the gwmon executable, you can create a script like the 
following: 


/opt/novell/groupwise/agents/bin/gwmon --home /domain directory 
--other switches & 


If you start the Monitor Agent by running the grpwise-ma script, you can edit the MA OPTIONS 
variable to include any switches you want to set. 


You can create a batch file like the following: 


c:\Program Files\Novell\GroupWise Server\Monitor\gwmon.exe 
/startup switch /startup switch ... 


You can create a desktop icon for your batch file, or you can add startup switches to the Monitor 
Agent desktop icon that is created when you install the Monitor Agent. 


The table below summarizes Monitor Agent startup switches for all platforms and how they 
correspond to configuration settings in the Windows Monitor Agent Server Console. 


Switch starts with: abcdefghijklmnopqrstuvwxyz 


Linux Monitor Agent 


Windows Monitor Agent Windows Monitor Agent Server Console 


--hapassword /hapassword N/A 

--hapoll /hapoll N/A 

--hauser lhauser N/A 

--help /help N/A 

--home /home N/A 

--httpagentpassword /httpagentpassword Configuration > Poll Settings > HTTP Password 
--httpagentuser /httpagentuser Configuration > Poll Settings HTTP User 
--httpcertfile Ihttpcertfile N/A 

--httpmonpassword /httpmonpassword Configuration > HTTP > HTTP Password 
--httpmonuser /httpmonuser Configuration > HTTP > HTTP User 
--httpport /httpport Configuration > HTTP > HTTP Port 
--httpssl /httpssl N/A 
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Linux Monitor Agent Windows Monitor Agent Windows Monitor Agent Server Console 


--ipa lipa N/A 

--ipp lipp N/A 

--lang /lang N/A 

--log llog Log > Log Settings > Log File Path 

--monwork /monwork N/A 

--nmaddress /nmaddress Configuration > Add Novell Messenger System > 
Replica Address 

--nmhome /nmhome Configuration > Add Novell Messenger System > Novell 


Messenger System Object 


--nmpassword /nmpassword Configuration > Add Novell Messenger System > 
Password 

--nmuser /nmuser Configuration > Add Novell Messenger System > User 
Name 

--nosnmp /nosnmp N/A 

--pollthreads /pollthreads N/A 

--proxy /proxy N/A 

--tcpwaitconnect /tcpwaitconnect N/A 


NOTE: The Monitor Agent Web console does not include any settings comparable to the Monitor 
Agent startup switches. 


73.1 --hapassword 


Specifies the password for the Linux user name that the Monitor Agent uses to log in to the Linux 
server where the GroupWise High Availability service is running. See Section 69.12, “Supporting the 
GroupWise High Availability Service on Linux,” on page 968. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --hapassword password /hapassword-password 
Example: --hapassword high /hapassword-high 


See also --hauser and --hapoll. 


73.2 --hapoll 


Specifies in seconds the poll cycle on which the Monitor Agent contacts the GroupWise High 
Availability service to provide agent status information. The default is 120. The actual duration of the 
poll cycle can vary from the specified number of seconds because the actual duration includes the 
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13.3 


13.4 


13.5 


time during which the Monitor Agent is checking agent status and restarting agents as needed. Then 
the specified poll cycle begins again and continues for the specified number of seconds. See 
Section 69.12, “Supporting the GroupWise High Availability Service on Linux,” on page 968. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --hapoll seconds /hapoll-seconds 
Example: --hapoll 240 /hapoll-60 


See also --hauser and --hapassword. 


--hauser 


Specifies the Linux user name that the Monitor Agent can use to log in to the Linux server where the 
GroupWise High Availability service is running. See Section 69.12, “Supporting the GroupWise High 
Availability Service on Linux,” on page 968. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --hauser user name /hauser-user name 
Example: --hauser gwha /hauser-gwha 


See also --hapassword and --hapoll. 


--help 


Displays the Monitor Agent startup switch Help information. When this switch is used, the Monitor 
Agent does not start. 
Linux Monitor Agent Windows Monitor Agent 


Syntax: --help /help 


--home 


Specifies a domain directory, where the Monitor Agent can access a domain database (wpdomain. db). 
From the domain database, the Monitor Agent can determine which agents to monitor, what user 
names and passwords are necessary to access them, and so on. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --home /directory /home-[svn][vol:]\dir 
/home-\\svr\voladir 
/home-[drive:]\dir 
/home-\\svr\sharename\dir 
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13.6 


13.7 


13.8 


Linux Monitor Agent Windows Monitor Agent 


Example: --home /gwsystem/provo2 /home-\provo2 
/home-mail:\provo2 
/home-server2\mail:\provo2 
/home-\\server2\mail\provo2 
/home-\provo2 
/home-m:\provo2 
/home-\\server2\c\mail\provo 


See also --ipa and --ipp. 


--httpagentpassword 


Specifies the password for the Monitor Agent to prompt for when contacting monitored agents for 
status information. Providing a password is optional. See Section 69.3.1, “Configuring the Monitor 
Agent for HTTP,” on page 953. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpagentpassword unique_password /httpagentpassword-unique_password 
Example: --httpagentpassword Watchit /httpagentpassword-Watchlt 


See also --httpagentuser. 


--httpagentuser 


Specifies the user name for the Monitor Agent to use when contacting monitored agents for status 
information. Providing a user name is optional. See Section 69.3.1, “Configuring the Monitor Agent 
for HTTP,” on page 953. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpagentuser unique_user_name /httpagentuser-unique_user_name 
Example: --httpagentuser AgentWatcher /httpagentuser-AgentWatcher 


See also --httpagentpassword. 


--httpcertfile 


Specifies the full path to the public certificate file used to provide secure SSL communication between 
the Monitor Agent and the Monitor Web console displayed in your Web browser. See Section 69.8, 
“Configuring Authentication and Intruder Lockout for the Monitor Web Console,” on page 964. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --httpcertfile /dir/file /httpcertfile-[drive:]\dir\file 
/httpcertfile-\\svr\sharename\dir\file 
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13.10 


73.11 


Linux Monitor Agent Windows Monitor Agent 


Example: --httpcertfile /certs/gw.crt /httpcertfile-\ssl\gw.crt 
/httpcertfile-m:\ssl\gw.crt 
/httpcertfile-\\server2\c\ssl\gw.crt 


See also --httpssl. 


--httpmonpassword 


Specifies the password for the Monitor Web console to prompt for before allowing a user to display 
the Monitor Web console. Do not use an existing Novell eDirectory password because the 
information passes over the non-secure connection between your Web browser and the Monitor 
Agent. See Section 69.8, “Configuring Authentication and Intruder Lockout for the Monitor Web 
Console,” on page 964. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpmonpassword unique_password /httpmonpassword-unique_password 
Example: --httpmonpassword Watchit Ihttpmonpassword-Watchlt 


See also --httpmonuser. 


--httpmonuser 


Specifies the user name for the Monitor Web console to prompt for before allowing a user to display 
the Monitor Web console. Providing a user name is optional. Do not use an existing eDirectory user 
name because the information passes over the non-secure connection between your Web browser and 
the Monitor Agent. See Section 69.8, “Configuring Authentication and Intruder Lockout for the 
Monitor Web Console,” on page 964. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --httpmonuser unigue user name Ihttpmonuser-unigue user name 
Example: --httpmonuser MonAdmin /httpmonuser-MonAdmin 


See also --httpmonpassword. 


--httpport 


Sets the HTTP port number used for the Monitor Agent to communicate with your Web browser. The 
default is 8200; the setting must be unique. See Section 69.3.1, “Configuring the Monitor Agent for 
HTTP,” on page 953. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --httpport port_number /httpport-port_number 
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73.13 


73.14 


Linux Monitor Agent Windows Monitor Agent 


Example: --httpport 8201 /httpport-9200 


--httpssl 


Enables secure SSL communication between the Monitor Agent and the Monitor Web console 
displayed in your Web browser. See Section 69.8, “Configuring Authentication and Intruder Lockout 
for the Monitor Web Console,” on page 964. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --httpssl /httpssl 
See also --httpcertfile. 


--ipa 


Specifies the network address (IP address or DNS hostname) of a server where an MTA is running. 
The Monitor Agent can communicate with the MTA to obtain information about agents to monitor. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --ipa network address lipa-network. address 
Example: --ipa 172.16.5.19 lipa-172.16.5.20 

--ipa Server2 lipa-server3 


See also --ipp. 


--ipp 


Specifies the TCP port number associated with the network address of an MTA with which the 
Monitor Agent can communicate to obtain information about agents to monitor. Typically, the MTA 
listens for service requests on port 7100. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --ipp port_number /ipp-port_number 
Example: --ipp 7110 lipp-7111 


See also --ipa. 
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73.16 


73.17 


--lang 


Specifies the language to run the Monitor Agent in, using a two-letter language code. You must 
install the Monitor Agent in the selected language in order for the Monitor Agent to display in the 
selected language. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --lang code llang-code 
Example: --lang de /lang-fr 


See Chapter 7, “Multilingual GroupWise Systems,” on page 123 for a list of language codes. 


--log 


Specifies the full path of the directory where the Monitor Agent writes its log files. The default 
location varies by platform: 
Linux: /var/log/novell/groupwise/gwmon 


Windows: c:\Program Files\Novell\GroupWise Server\Monitor 
See Section 69.9, “Configuring Monitor Agent Log Settings,” on page 965. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --log /dir/file /log-[drive:]\dir\file 
/log-\\svr\sharename\dir\file 


Example: --log /opt/novell/groupwise/agents/logs /log-\gw\logs 
/log-m:\gw\logs 
/log-\\server2\c\gw\logs 


--monwork 


Specifies the location where the Monitor Agent creates its working directory. The default location 
varies by platform. 
Linux: /tmp/gwmon 


Windows: c:\Program Files\Novell\GroupWise Server\Monitor 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --monwork /directory /monwork-[svn\][vol:]\dir 
/monwork-\\svr\voldir 
/monwork-[drive:]\dir 
/monwork-\\svr\sharename\dir 
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Linux Monitor Agent Windows Monitor Agent 


Example: --monwork /tmp /monwork-\temp 
/monwork-mail:\ temp 
/monwork-server2\mail:temp 
/monwork-\\server2\mail\ temp 
/monwork-\ temp 
/monwork-m:\temp 
/monwork-\\server2\c\mail\temp 


73.18 --nmaddress 


Specifies the IP address where an eDirectory replica is available, from which the Monitor Agent can 
obtain the information it needs to monitor Messenger Agents. See Section 69.11, “Monitoring 
Messenger Agents,” on page 967. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --nmaddress /P_address /nmaddress-/P_address 
Example: --nmaddress 172.16.5.18 /nmaddress-172.16.5.19 


See also --nmuser, --nmpassword, and --nmhome. 


73.19 --nmhome 


Specifies the context of the eDirectory container object where a Novell Messenger system is located. 
See Section 69.11, “Monitoring Messenger Agents,” on page 967. 


Linux Monitor Agent Windows Monitor Agent 

Syntax: --nmhome eDirectory_context /nmhome-eDirectory_context 

Example: --nmhome /nmhome- 
OU=MessengerService,O=Messenger OU=MessengerService, OU=Provo,O=Novell 


See also --nmuser, --nmpassword, and --nmaddress. 


73.20 --nmpassword 


Specifies the password for the eDirectory user that the Monitor Agent uses to log into eDirectory to 
obtain Messenger information. See Section 69.11, “Monitoring Messenger Agents,” on page 967 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --nmpassword password Inmpassword-password 
Example: --nmpassword december Inmpassword-sailboat 


See also --nmuser, --nmhome, and --nmaddress. 
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73.22 


73.23 


73.24 


--nmuser 


Specifies a user that the Monitor Agent can use to log in to eDirectory to obtain information about the 
Messenger system from the various Messenger objects. See Section 69.11, “Monitoring Messenger 
Agents,” on page 967 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --nmuser eDirectory_context /nmuser-eDirectory_context 
Example: --nmuser CN=Admin,OU=Users,O=Novell /nmuser-CN=Admin,OU=Provo,O=Novell 


See also --nmpassword, --nmhome, and --nmaddress. 


--nosnmp 


Disables SNMP for the Monitor Agent. The default is to have SNMP enabled. See Section 69.3.2, 
“Configuring the Monitor Agent for SNMP,” on page 955. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --nosnmp /nosnmp 


--pollthreads 


Specifies the number of threads that the Monitor Agent uses for polling the agents for status 
information. Valid values range from 1 to 32. The default is 20. See Section 69.4, “Configuring Polling 
of Monitored Agents,” on page 956. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --pollthreads number /pollthreads-number 
Example: --pollthreads 10 /pollthreads-32 


--Proxy 


Routes all communication through the Monitor Agent and the Monitor Application (on the Web 
server). As long as the Web server can be accessed through the firewall, the Monitor Web console can 
receive information about all GroupWise agents that the Monitor Agent knows about. Without 
--proxy, the Monitor Web console cannot communicate with the GroupWise agents through a 
firewall. See Section 69.10, “Configuring Proxy Service Support for the Monitor Web Console,” on 
page 966. 


Linux Monitor Agent Windows Monitor Agent 


Syntax: --proxy proxy 
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73.25 --tcpwaitconnect 


Sets the maximum number of seconds the Monitor Agent waits for a connection to a monitored 
agent. The default is 5. 


Linux Monitor Agent Windows Monitor Agent 
Syntax: --tcpwaitconnect seconds /tcpwaitconnect-seconds 
Example: --tcpwaitconnect 10 /tcpwaitconnect-15 
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Using GroupWise Windows Client 
Custom Installation Options 


The GroupWise Windows client Setup program provides the following options for customizing the 
installation of the Windows client: 


Languages 


Software 
Integrations 


Internet Browser 
Mail Integration 


Program Folder 


Add GroupWise to 
the Desktop 


Add GroupWise to 
Ouick Launch 


Add Notify to the 
Startup Folder 


Add Icons to the 
Start Menu 


If you downloaded the multilanguage version of the GroupWise software image, you can 
install the Windows client in one or more languages, as listed in Section 7.1, “GroupWise 
User Languages,” on page 123. 


If you use GroupWise Document Management Services (DMS), you can select which 
third-party applications you want to integrate with the Windows client. By default, no 
applications are integrated. 


The Setup program offers the following integrations: 
+ OpenOffice Calc Document 
+ OpenOffice Draw Document 
+ OpenOffice Writer Document 
+ OpenOffice Impress Document 


Additional document types can be manually integrated with the Windows client, as 
described in Part VII, “Libraries and Documents,” on page 313. 


This option enables GroupWise to be the default email application when you click a 
mailto link in your Web browser or use the Mail command in your Web browser, 


By default, the Setup program creates a Novell GroupWise program folder. You can use a 
different folder as needed. 


By default, the Setup program create a GroupWise icon on your Windows desktop. 


By default, the Setup program adds a GroupWise icon to the Windows Ouick Launch bar 


By default, the Setup program does not add Notify to the Windows Startup folder. If you 
want to start Notify automatically, but you do not want to use the Windows Startup folder, 
you can click Tools > Options > Environment, then select Launch Notify at startup to have 
GroupWise automatically start Notify. 


By default, the Setup program adds GroupWise to the Windows Start Menu and includes 
a list of GroupWise tasks that can be performed directly from the Start Menu. 


When users install the Windows client for themselves, they can set these options according to their 


own preferences. 
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When you, as an administrator, distribute the Windows client software to users’ workstations, you 
can set these options according to your preferences, as described in: 


+ Section 77.1, “Using GroupWise AutoUpdate and SetupIP to Distribute the Group Wise 
Windows Client,” on page 1069 


+ Section 77.2, “Using ZENworks Configuration Management to Distribute the GroupWise 
Windows Client,” on page 1085 
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15.1 


75.1.1 


75.1.2 


Setting Up GroupWise Client Modes and 
Accounts 


As a GroupWise administrator, you might need to help users with the various GroupWise modes and 
account types. 


+ Section 75.1, “GroupWise Client Modes,” on page 1017 
+ Section 75.2, “Email Accounts,” on page 1022 


GroupWise Client Modes 


GroupWise provides three different ways to run the GroupWise client: Online mode, Caching mode, 
and Remote mode. 

+ Section 75.1.1, “Online Mode,” on page 1017 

+ Section 75.1.2, “Caching Mode,” on page 1017 

+ Section 75.1.3, “Remote Mode,” on page 1019 


Most GroupWise features are available in all three GroupWise modes, with a few exceptions: 


¢ Subscribing to other users’ notifications is not available in Caching mode. 


+ Subscribing to other users’ notifications and Proxy are not available in Remote mode. 


Online Mode 


When users use Online mode, they are connected to their post office on the network. The user’s 
mailbox displays the messages and information stored in the network mailbox, which is called the 
Online mailbox. Online mode is connected to the Online mailbox continuously. In Online mode, if the 
Post Office Agent (POA) shuts down or users lose network connection, they temporarily lose the 
connection to their mailboxes. 


Users should use this mode if they do not have a lot of network traffic, or if they use several different 
workstations and do not want to download a local mailbox to each one. 


Caching Mode 


Caching mode stores a copy of a user’s Online mailbox, including messages and other information, 
on the user’s local drive. This allows GroupWise to be used whether or not the network or Post Office 
Agent is available. Because the user is not connected to the network all the time, this mode cuts down 
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on network traffic and has the best performance. A connection is made automatically to retrieve and 
send new messages. All updates are performed in the background so GroupWise work is not 
interrupted. 


Users should use this mode if they have enough disk space on the local drive to store the Caching 
mailbox. If users run Caching mode and Remote mode on the same computer, the same local mailbox 
can be used to minimize disk space usage. 


By backing up their Caching mailboxes, users can protect items that might be deleted if the system is 
set up to automatically clean up items (or if the system administrator runs an Expire and Reduce). 


Several users can set up their Caching mailboxes on a single shared computer. 


The default location for a Caching mailbox varies by client platform: 


Windows 7: c:\Users\user name\AppData\Roaming\Novell\GroupWise 
Windows Vista: c:\Users\user name\AppData\Local\Novell\GroupWise 


Windows XP: c:\Documents and Settings\user name\Local Settings\ 
Application Data\Novell\GroupWise 


+ “Allowing or Forcing Use of Caching Mode” on page 1018 
+ “Downloading the GroupWise Address Book in Caching Mode” on page 1019 


Allowing or Forcing Use of Caching Mode 


As the GroupWise administrator, you can allow or disallow the use of Caching mode, and can also 
force users to log in to GroupWise in Caching mode. 


1 In ConsoleOne, click Tools > GroupWise Utilities > Client Options. 
2 Click Environment > Client Access. 

3 Select or deselect Allow Use of Caching Mode. 

4 Select or deselect Force Use of Caching Mode. 


Specify the number of days before Caching mode will be enforced. This allows the user to 
continue using Online mode until the grace period has passed. The grace period begins the first 
time the user connects to the POA. The setting applies per user per workstation. 


The Force Caching Mode setting is not enforced on a workstation that does not have enough disk 
space for a Caching mailbox. The amount of disk space that is required is the size of the mailbox 
+ 20 MB + 25% of the mailbox size. 


The Force Caching Mode setting is also not enforced when a user connects from a shared 
Windows workstation or terminal server if you configure these workstations to be excluded. You 
do this by setting a registry key on the Windows workstation. The registry key is in 

HKEY LOCAL MACHINE. Under Software\\Novell\\GroupWise\\Client, add a dword 
value named No Local Store with a value of 1. This prevents the user from creating a Caching or 
Remote mailbox by using the GroupWise Windows client menus. However, the user can still 
create a Caching or Remote mailbox by using the startup options /pc, /pr, or /ps. 


If you force Caching mode and then restrict Online mailbox size so that users have items in their 
Caching mailboxes that are no longer available online, you need to make sure users understand 
about doing backups. See “Backing Up Email” in “Maintaining GroupWise” in the GroupWise 2012 
Windows Client User Guide. 
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75.1.3 


Downloading the GroupWise Address Book in Caching Mode 


When users prime their Caching mailboxes, they receive a copy of the GroupWise Address Book. 
After the initial priming of the Caching mailbox, users can re-download the GroupWise Address 
Book and their personal address books in Caching mode by clicking View > Retrieve System Address 
Book or View > Retrieve Personal Address Book in the Address Book. Address books also be re- 
downloaded in Caching mode when users click Tools > Retrieve Entire Mailbox. 


Users can also specify to download the GroupWise Address Book (and any rules they have created) 
on a regular basis. 

1 In Remote or Caching mode, click Accounts > Account Options. 

2 Select the GroupWise account, then click Properties > Advanced. 


3 Select Refresh Address Books and Rules Every __ Days. By default this is set to 0 days, but it can be 
changed. 


If you configure the POA to generate the GroupWise Address Book regularly, Caching mode users 
always have a current copy to download. 


1 In ConsoleOne, right-click the POA object, then click Properties > GroupWise > Maintenance. 


On the Maintenance page, make sure that Generate Address Book for Remote is selected. You can choose 
the time when you want the generation to take place. 


If you want to generate the GroupWise Address Book for download more than once a day, you can 
delete the existing wprof50 . db file from the \wpcsout \ofs subdirectory of each post office. A new 
downloadable GroupWise Address Book is generated automatically for users on each post office. 


Remote Mode 


Remote mode is familiar to GroupWise users who use Hit the Road. Similar to Caching mode, a copy 
of the Online mailbox, or the portion of the mailbox that users specify, is stored on the local drive. 
Users can periodically retrieve and send messages with the type of connection they specify (modem, 
network, or TCP/IP). Users can restrict what is retrieved, such as only new messages or only message 
subject lines. 


As a GroupWise administrator, you can allow or disallow the use of Remote mode for client users. 
1 In ConsoleOne, click Tools > GroupWise Utilities > Client Options. 


2 Click Environment > Client Access. 
3 Select or deselect Allow Use of Remote Mode. 


The following topics explain the capabilities users have when they are allowed to use Remote mode. 
+ “Hit the Road” on page 1019 


+ “Remote Properties” on page 1020 


+ “Remote Mode Connections” on page 1020 


Hit the Road 


Users can use Hit the Road on the Tools menu (or startup option from Online mode to Remote mode) 
to create, set up, or update the Remote mailbox. A copy of the mailbox is created on the user's local 
drive and any current connections are detected and set up. If users have already used Caching mode, 
the local mailbox has already been created. Users can also use Hit the Road to create setup files ona 
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removable storage device (for example, a flash drive) to set up their Remote mailbox on a computer 
that is not connected to the network. Several users can set up their Remote mailboxes on a single 
shared computer. 


Hit the Road creates a network connection for the method (direct connection or TCP/IP) GroupWise 
uses to access the user's post office. GroupWise can then use this connection to connect to the 
GroupWise system, when running in Remote mode. For example, a network connection lets users of 
docked laptops run GroupWise in Remote mode and connect to the Group Wise system through the 
network connection rather than a modem connection. 


To use Hit the Road: 


1 Inthe GroupWise client, click Tools > Hit the Road. 


2 Follow the prompts to create the Remote mailbox on the computer or on a removable storage 
device. 


If Hit the Road created the user's Remote mailbox on a removable storage device, the user needs to 
install the Remote mailbox on the computer that will be running in Remote mode. 

1 Insertthe removable storage device containing the Remote mailbox into the computer. 

2 Runsetup.exe on the removable storage device. 


Follow the prompts. The Setup program creates a Remote mailbox and copies the reguired files 
to the computer’s hard drive. 


Remote Properties 


Users can change the way Remote mode is set up, including the connection, time zone, signature, and 
so on, in Account Options on the Accounts menu. Remote is listed as an account. 


By default, if an item is deleted from the Remote mailbox, the item is deleted from the Online 
mailbox the next time a connection is made. Deletion options in Remote Properties can be changed so 
that an item deleted from the Remote mailbox stays in the Online mailbox or vice versa. 


Remote Mode Connections 


+ “Setting Up a Network Connection” on page 1020 
+ “Setting Up a TCP/IP Connection” on page 1021 


Setting Up a Network Connection 


While running in Remote mode, GroupWise can connect to the user’s Online mailbox using a 
network connection. A network connection is useful for laptop users connecting to the network 
through a docking station, or for remote users connecting through a modem using remote node 
software. 


To create a network connection: 
1 In the client, log in or change to Remote mode. 
2 Click Accounts > Send/Retrieve > GroupWise Options. 
3 Click Network > OK. 
4 Type a descriptive name for the network connection in the Connection Name box. 


5 Type the path to any post office directory in the master GroupWise system. 
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Users can connect to their own post offices or to any post office in the master GroupWise system 
to access their Online mailboxes. 


6 Click a disconnect method: 


Method Description 


When All Updates Are Received Disconnects after reguests are sent and after all responses to the 
reguests are received (or disconnects automatically when the time 
allowed by the gateway has expired). 


Do Not Wait for Responses Disconnects immediately after reguests are sent and pending 
responses are received. Pending responses are responses to other 
reguests that are waiting to be downloaded to you. 


Manually Lets you manually control when to disconnect (or disconnects 
automatically when the time allowed by the gateway has expired). 


7 Click OK. 
8 Selectthe connection you want, then click Select. 


9 Selectthe location you are connecting from in the Connecting From box. If none are listed, use the 
Default Location option. 


If you need to create a new location, click the Connect From button. This is useful for laptop users 
who are calling into the GroupWise system from different geographic locations. 


10 Click OK, then click Close. 


Setting Up a TCP/IP Connection 


A TCP/IP connection enables GroupWise, while running in Remote mode, to connect to the 
GroupWise system through a network connection using TCP/IP. A TCP/IP connection can be made 
through a network connection, such as a laptop connecting to the network through its docking 
station, or through a modem using remote node software. 


To create a TCP/IP connection: 


1 Inthe client, log in or change to Remote mode. 

2 Click Accounts > Account Options, then double-click the Remote account. 
3 Click Connection > Connect To > New > TCP/IP > OK. 

4 Type a descriptive name for the TCP/IP connection. 

5 Type the IP address or the DNS name. 

6 Type the IP port for this address. 
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7 Click a disconnect method: 


Method Description 


When All Updates Are Received Disconnects after reguests are sent and after all responses to 
the reguests are received (or disconnects automatically when 
the time allowed by the gateway has expired). 


Do Not Wait for Responses Disconnects immediately after reguests are sent and pending 
responses are received. Pending responses are responses to 
other reguests that are waiting to be downloaded to you. 


Manually Lets you manually control when to disconnect (or disconnects 
automatically when the time allowed by the gateway has 
expired). 

8 Click OK. 


9 Selectthe connection you want, then click Select. 


10 Selectthe location you are connecting from in the Connecting From box. If none are listed, use the 
Default Location option. 


If you need to create a new location, click the Connect From button. This is useful for laptop users 
who are calling into the GroupWise system from different geographic locations. 


11 Click OK, then click Close. 


75.2 Email Accounts 


¢ Section 75.2.1, “Accounts Menu,” on page 1022 


+ Section 75.2.2, “Enabling POP3, IMAP4, and NNTP Account Access in Online Mode,” on 
page 1022 


75.2.1 Accounts Menu 


In addition to the Remote account, users can access and configure POP3 and IMAP4 Internet email 
accounts and NNTP News accounts from the Accounts menu. While the user is in Remote and 
Caching mode, POP3, IMAP4, and NNTP accounts are accessed without needing to connect to the 
GroupWise system. If the system administrator enables it, users can also access and configure their 
POP3, IMAP4, and NNTP accounts from the Accounts menu in Online mode. 


75.2.2 Enabling POP3, IMAP4, and NNTP Account Access in Online Mode 


By default, POP3, IMAP4, and NNTP accounts can be added, configured, and accessed by users in 
Remote and Caching mode only. Account items and information are not accessible in Online mode, 
nor can items and information be uploaded to the Online mailbox until the system administrator 
enables it. 


To enable POP3, IMAP4, and NNTP account access for clients in Online mode for an entire post 
office: 


1 Make sure GroupWise 6.x or later agents have been installed. 
For more information, see Part X, “Message Transfer Agent,” on page 619. 


2 Make sure Internet Addressing is enabled. 
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For more information, see Section 4.11, “Internet Addressing,” on page 89. 
In ConsoleOne, select the Post Office object. 

Click Tools > GroupWise Utilities > Client Options. 

Click Environment > General. 

Select Allow Use of POP and IMAP Accounts in the Online Mailbox. 

Select Allow Use of News (NNTP) Accounts in the Online Mailbox. 

Click OK. 
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Setting Defaults for the GroupWise 
Client Options 


The GroupWise client includes options (preferences) that can be set by individual users. As a 
GroupWise administrator, you can determine the default settings for the options. If you don't want 
users to change the default settings that you have established, you can lock the settings. 


+ Section 76.1, “Client Options Summary,” on page 1025 
+ Section 762, “Setting Client Options,” on page 1030 
+ Section 76.3, “Resetting Client Options to Default Settings,” on page 1068 


76.1 Client Options Summary 


Default settings can be established at the user level, the post office level, or the domain level. User 
settings override post office settings, and post office settings override domain settings. 


If you set a lock on an option at a higher level, the higher level then overrides the lower-level setting. 
When you change an option and lock it, the new setting is immediately put into effect. 


1 In ConsoleOne, select a Domain, Post Office, or User object, then click Tools > GroupWise Utilities 
> Client Options. 


GroupWise Client Options x| 


$ v O 


Environment Send Documents 
Gg 
Security Calendar 


Close | Help 


The client options table in this section summarizes all client options and provides links to 
descriptions of the options. For more detailed instructions, see Section 76.2, “Setting Client Options,” 
on page 1030. 

+ Environment 

+ Send 

+ Documents 

¢ Security 


+ Calendar 
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Client Options Type Client Options Client Options 
Tab 


Environment General Refresh Interval 

Allow Shared Folder Creation 

Allow Shared Address Book Creation 

Check Spelling As You Type 

Check Spelling Before Send 

Show Messenger Presence 

Allow Use of POP and IMAP Accounts in the Online Mailbox 
IMAP Copy Results in a GroupWise Move 

Allow Use of News (NNTP) Accounts in the Online Mailbox 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Environment 


Client Access Client Licensing 
Full License Mailboxes 
Limited License Mailboxes 
Client Login Mode 
Allow Use of Remote Mode 
Allow Use of Caching Mode 
Force Caching Mode after Days 
Show Login Mode Drop-Down List on Client Toolbar 


Views View Options 

Read Next After Accept, Decline, or Delete 
Open New View after Send 

Allowable Read Views 
Plain Text 
HTML 

Allowable Compose Views 
Plain Text 
HTML 

Disable HTML View 


File Location Archive Directory 
Custom Views 
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Client Options Type Client Options 
Tab 


Cleanup 


Appearance 


Retention 


Junk Mail 


Client Options 


Mail and Phone 
Manual Delete and Archive 
Auto-Delete After 
Auto-Archive After 
Appointment, Task, and Note 
Manual Delete and Archive 
Auto-Delete After 
Auto-Archive After 
Empty Trash 
Manual 
Automatic After 
Purges 
Do Not Purge Items Until They Are Backed Up 
Prompt before Purging 
Perform Maintenance Purges on Caching/Remote 


Force Synchronization of Cleanup Options to Caching/ 
Remote 


Schemes 

Default 

GroupWise 6.5 

Simplified 

Custom 

Individual Settings 

Display Main Menu 

Display Nav Bar 

Display Main Toolbar 

Use GroupWise Color Schemes 

Blue, Olive Green, Silver, Sky Blue, Spring Green, 

Sterling Silver 

Display Folder List 
Favorites Folder List 
Simple Folder List 
Full Folder List 
Long Folder List 

Display QuickViewer 
QuickViewer at Bottom 
QuickViewer at Right 


Retention 


Junk Mail Handling 
Enable Junk Mail Using Junk Mail Lists 
Enable Junk Mail Using Personal Address Book 
Enable Junk Calendaring Using Personal Address Book 
Auto-Delete After 
Enable Blocked Mail Using Block Mail Lists 
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Client Options Type 


Send 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Send 


Client Options 
Tab 


Calendar 


Novell Vibe 


Tutorial 


Address Book 


Reply Format 


Send Options 


Mail 


Appointment 
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Client Options 


Web Calendar Publishing Host 

Enable Calendar Publishing 

Enable Rules to Move Items to a Published Calendar 
Enable Publish Free/Busy Search 

Enable Subscribe to Calendar 


Enable Novell Vibe 
Novell Vibe URL 


Training and Tutorial URL 


Enable Auto-Saving 
Save Addresses of Items That Are Received 
Save Addresses of Items That Are Sent 


Allow Creation of User Defined Fields in the Personal 
Address Book 


Plain Text Reply Format 
HTML Reply Format 


Classification 
Normal, Proprietary, Confidential, Secret, Top Secret, 
For Your Eyes Only 
Priority 
High, Standard, Low 
Reply Reguested 
When Convenient, Within __ Days 
MIME Encoding 
Allow Use of “Reply to All” in Rules 
Allow Use of “Internet Mail” Tracking 
Expiration Date 
Delay Delivery 
Wildcard Addressing 
Notify Recipients 
Convert Attachments 
Allow Reply Rules to Loop 
Maximum Recipients Allowed 
Restricted Attachment Extensions 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Accepted/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Client Options Type 


Documents 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Documents 


Security 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Security 


Client Options 
Tab 


Task 


Note 


Security 


Disk Space 
Management 


Global Signature 


Library 
Configuration 


Password 


Client Options 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Accepted/Completed/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Create a Sent Item to Track Information 
Delivered, Delivered and Opened, All Information, 
Auto-Delete Sent Item 
Return Notification 
When Opened/Deleted 
None, Mail Receipt, Notify, Notify and Mail 


Conceal Subject 
Reguire Password to Complete Routed Item 
Secure Items Options 

Do Not Allow Use of S/MIME 

URL for Certificate Download 

Sign Digitally 

Encrypt for Recipients 

Encryption Key Size 


User Limits 
Mailbox Size Limit 
Threshold for Warning Users 
Maximum Send Message Size 
Limits Apply to Cache 
Notify the Administrator When Threshold Limit Is 
Exceeded 
Notify the Administrator When Size Limit Is Exceeded 


Global Signature 
Apply Signature to All Messages 
Apply Signature to External Messages Only 


Default Library 


Enter New Password 

Clear User’s Password 

Allow Password Caching 

Allow eDirectory Authentication Instead of Password 
Enable Single Sign-On 

Use Collaboration Single Sign-On (CASA) 
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Client Options Type Client Options Client Options 
Tab 


Macros View Macro Security 
Always Play Received Macros 
Never Play Received Macros 
Always Prompt Before Playing a Macro 


Notify Check for Mail Every 


Date and Time Calendar Month Display Option 
First of Week 
Highlight Day 
Show Week Number 
Appointment Options 
Include Myself on New Appointments 
Display Appointment Length As Duration, End Date 
and Time 
Default Length 
Alarm Options 
Set Alarm When Accepted 
Default Alarm Time 
Work Schedule 
Start/End Time 
Work Days 


Click Tools > 
GroupWise Utilities > 
Client Options > 
Date and Time 


Busy Search Appointment Length 
Range and Time to Search 
Days to Search 


76.2 Setting Client Options 


Default settings can be established at the user level, the post office level, or the domain level. User 
settings override post office settings, and post office settings override domain settings. 


If you set a lock on an option at a higher level, the higher level then overrides the lower-level setting. 
When you change an option and lock it, the new setting is immediately put into effect. 


To modify the default settings for the GroupWise client: 
1 In ConsoleOne, click a Domain object if you want to modify the settings for all users in the 
domain. 
or 
Click a Post Office object if you want to modify the settings for all users in the post office. 
or 


Click a User object or GroupWise External Entity object if you want to modify settings for the 
individual user. To change the same settings for multiple users, select multiple objects. 


2 With the appropriate GroupWise object selected, click Tools > GroupWise Utilities > Client Options 
to display the GroupWise Client Options dialog box. 
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GroupWise Client Options x| 


$ xv U 


Environment Send Documents 


a & 


Security Calendar 


Close | Help | 


3 To set the Environment options, click Environment, then continue with Section 76.2.1, 
“Modifying Environment Options,” on page 1031. 


or 


To set the Send options, click Send, then skip to Section 76.2.2, “Modifying Send Options,” on 
page 1050. 


or 


To set the Documents options, click Documents, then skip to Section 76.2.3, “Modifying 
Documents Options,” on page 1061. 


or 


To set the Security options, click Security, then skip to Section 76.2.4, “Modifying Security 
Options,” on page 1061. 


or 


To set the Date and Time options, click Date and Time, then skip to Section 76.2.5, “Modifying 
Calendar Options,” on page 1065. 


76.2.1 Modifying Environment Options 


1 If the Environment Options dialog box is not displayed, follow the instructions in Section 76, 
“Setting Defaults for the GroupWise Client Options,” on page 1025 to display the dialog box. 
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fc] Environment Options: Sales 


Novell vibe | Tutorial | Address Book | Conferencing | Reply Format 
Cleanup Appearance Retention JunkMail | Calendar 
i Client Access | File Location 


xj 


Views 


Refresh Interval 


leer | 1 minutes 0 seconds 


F Allow shared folder creation 
FF Allow shared address book creation 
M Check spelling as you type 
J7 Check spelling before send 
T Show Messenger presence 
(Note: Internet Addressing must be configured for the following options to 


work correctly) 
5 | 


JT Allow use of POP and IMAP accounts in the Online Mailbox 


IMAP Action Results 


r IMAP copy results in a GroupWise move 


T Allow use of news (NNTP) accounts in the Online Mailbox 


Restore Default Settings | 


Help 


2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 
“Environment Options: 


General” on page 1033 


Client Access” on page 1035 


Views” on page 1037 


File Location” on page 1038 


Cleanup” on page 1039 
Appearance” on page 1041 
Retention” on page 1042 
Junk Mail” on page 1043 
Calendar” on page 1045 
Novell Vibe” on page 1046 
Tutorial” on page 1047 


“Environment Options: Address Book” on page 1048 


“Environment Options: Conferencing” on page 1048 


“Environment Options: Reply Format” on page 1049 
If you want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, the 
post office level, or the user level. 


If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When you are finished, click OK to save your changes. 
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Environment Options: General 


The General options determine such settings as the refresh interval for new messages, whether users 
can create shared folders and address books, and which types of accounts can be used in Online 
mode. 


x 
Novell vibe | Tutorial | Address Book | Conferencing | Reply Format 
Appearance | Retention |  JunkMail | Calendar 
Client Access | Views | File Location 
pRefresh Interval | 
Every: 1 = minutes 0 = seconds [a | 
IV Allow shared folder creation [oii 
IV Allow shared address book creation on 
F Check spelling as you type i 
F Check spelling before send [oii 
D Show Messenger presence SW 


(Note: Internet Addressing must be configured for the following options to 
work correctly) 


J Allow use of POP and IMAP accounts in the Online Mailbox o% | 
-IMAP Action Results 
T IMAP copy results in a GroupWise move [oli 
JT Allow use of news (NNTP) accounts in the Online Mailbox on | 
Restore Default Settings | 


Refresh Interval 


Determine how often the GroupWise client lists will be updated to reflect new message status. The 
default is 1 minute. 


Allow Shared Folder Creation 


Enables users to share folders with other users. By default, this option is enabled. 


Allow Shared Address Book Creation 


Enables users to share address books with other users. By default, this option is enabled. 


Check Spelling As You Type 


Automatically spell checks as text is typed. By default, this option is enabled. 


Check Spelling Before Send 


Automatically spell checks the message text of each item before the item is sent. By default, this 
option is disabled. 
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Show Messenger Presence 


Displays the Messenger presence information in the GroupWise Windows client. Messenger 
presence enables users to easily choose instant messaging as an alternative to email. Messenger 
presence icons appear in the From field of a received message, in the Ouick Info for users specified in 
the To, CC, and BC fields of a new message, and inthe Ouick Info for users in the Address Book. 
Messenger presence is enabled by default. 


Allow Use of POP and IMAP Accounts in the Online Mailbox 


Select this option to enable users to access POP and IMAP accounts while using the GroupWise client 
in Online mode. 


By default, this option is disabled. If you enable this option, an Accounts menu is added to the 
GroupWise client, allowing users to add POP and IMAP accounts to GroupWise, set account 
properties, and send and retrieve items from their POP and IMAP accounts. In addition, users are 
allowed to upload POP and IMAP items from the Remote mailbox to the Online mailbox. 


IMAP Copy Results in a GroupWise Move 


By default, when you move an item from one folder to another in an IMAP email client, the IMAP 
email client creates a copy of the item in the new location and marks the original item for deletion. 
The IMAP email client might display the original item with strikeout markup, to indicate that it will 
be deleted according to the cleanup schedule you have selected, or the IMAP email client might hide 
such items until they are automatically cleaned up. When this IMAP behavior synchronizes to your 
GroupWise mailbox, GroupWise by default displays the original items with the strikeout markup, 
and you might have been manually deleting those items from your GroupWise mailbox. Select this 
option so that items with strikeout markup no longer display in GroupWise. 


Allow Use of News (NNTP) Accounts in the Online Mailbox 


Select this option to enable users to set up newsgroup (NNTP) accounts while using the Group Wise 
client in Online mode. 
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Environment Options: Client Access 


The Client Access options allow you to apply a license type (full or limited) to users’ mailboxes and 
enable or disable the Remote and Caching modes in the GroupWise Windows client. 


Environment Options: Sales ‘x 


Novell vibe | Tutorial | Address Book | Conferencing | Reply Format 
Cleanup | ntion | JunkMal | Calendar 
General | views | File Location 


Client Licensing 


@ Full License Mailboxes ap | 


C Limited License Mailboxes 


Client Login Mode 


IV Allow use of "Remote" mode mk | 


IV Allow use of "Caching" mode 


F Force "Caching" mode after: 14 $days 


IV By default, show login mode drop-down list on client toolbar 


Restore Default Settings | 


Client Licensing 


GroupWise offers two types of mailbox licenses: full client mailbox licenses and limited client 
mailbox licenses. 


A full client mailbox license has no mailbox access restrictions; the mailbox can be accessed by the 
GroupWise Windows client and by GroupWise WebAccess, as well as any third-party plug-in or 
POP/IMAP email client. 


A limited client mailbox license restricts mailbox access to the following: 


+ GroupWise WebAccess (including mobile devices) 

* The GroupWise Windows client or GroupWise WebAccess via the Proxy feature 

+ The GroupWise Windows client or GroupWise WebAccess via the Busy Search feature 
+ A POP or IMAP client 


A limited client license mailbox does not allow access through the GroupWise client for Windows 
(other than via Proxy or Busy Search). 


You can use this option to specify the type of client license that you want applied to users’ mailboxes. 
This enables you to support the type of GroupWise mailbox licenses you purchase. For example, if 
you only purchased limited client license mailboxes for users on a specific post office, you can mark 
all mailboxes on that post office as being limited client license mailboxes. 


For information about generating an audit report that shows the type of license applied to each 
mailbox in a post office, see Section 12.4, “Auditing Mailbox License Usage in the Post Office,” on 
page 207. 
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Client Login Mode 


Choose from the following settings to determine which login modes are available to GroupWise 
users when using the GroupWise client for Windows. These settings apply only if you selected Full 
License Mailboxes for the client licensing. 


+ Allow Use of Remote Mode: Select this option to enable users to log in with GroupWise in 
Remote mode. With Remote mode, the GroupWise client uses a Remote mailbox on the user's 
local drive. The user must initiate a connection (modem, direct, or TCP/IP) to send or retrieve 
items from the GroupWise system. For more information about Remote mode, see Section 75.1.3, 
“Remote Mode,” on page 1019. By default, this option is enabled. 


+ Allow Use of Caching Mode: Select this option to enable users to log in with GroupWise in 
Caching mode. With Caching mode, the GroupWise client uses a Caching mailbox on the user's 
local drive (this can be the same mailbox as the Remote mailbox). The Group Wise client 
periodically initiates a connection with the GroupWise system to send and receive items. For 
more information about Caching mode, see Section 75.1.2, “Caching Mode,” on page 1017. By 
default, this option is enabled. 


Select the Force Caching Mode option (available only if the Allow Use of Caching Mode option is 
enabled) to force users to run in Caching mode. By default, this option is disabled. Specify the 
number of days before Caching mode is enforced. This allows the user to continue using Online 
mode until the grace period has passed. The grace period begins the first time the user connects 
to the POA. The setting applies per user per workstation. 


The Force Caching Mode setting is not enforced on a workstation that does not have enough disk 
space for a Caching mailbox. The amount of disk space that is reguired is: the size of the mailbox 
+20 MB + 25% of the mailbox size. 


The Force Caching Mode setting is also not enforced when a user connects from a shared 
Windows workstation or terminal server if you configure these workstations to be excluded. You 
do this by setting a registry key on the Windows workstation. The registry key is in 

HKEY LOCAL MACHINE. Under Software\\Novell\\GroupWise\\Client, add a dword 
value named No Local Store with a value of 1. This prevents the user from creating a Caching or 
Remote mailbox by using the GroupWise Windows client menus. However, the user can still 
create a Caching or Remote mailbox by using the startup options /pc, /pr, or /ps. 


+ By Default, Show Login Mode Drop-Down List on Client Toolbar: Select this option to have 
the Login Mode drop-down list displayed on the client's toolbar. This enables users to change the 
mode themselves and is necessary only if you allow multiple modes to be used. By default, this 
option is enabled. 
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Environment Options: Views 


The Views Environment options determine when items open, and whether or not users can read and 
compose messages in HTML. 


Environment Options: Sales xi 


Novell Vibe | Tutorial | Address Book | Conferencing | Reply Format 
Cleanup | Appearance | Retenti kMail | Calendar 
General | Client Access i File Location 


View Options 

IV Read next after accept, decline, or delete ay 
TF Open new view after send ay 
Allowable Read Views 


M Plain Text 
IV HTML (default) 


Set Default... 


Allowable Compose Views 


IV Plain Text o% 


F HTML (default) 


Set Default... 


[T Disable HTML view S 
Restore Default Settings | 


ji 


View Options 


Choose from the following settings to determine what occurs when the user performs an action that 
closes the current view. 


+ Read Next after Accept, Decline, or Delete: Select this option to have the next available 
received item automatically open after the user accepts, declines, or deletes an appointment, 
task, or note. By default, this option is enabled. 


+ Open New View after Send: Select this option to have a new send view open after a user sends 
a message. By default, this option is disabled. 


Allowable Read Views 
Choose from the following settings to determine what read views you allow the clients to use. 


+ Plain Text (Default): Select this option to allow users to read items in plain text. 
+ HTML: Select this option to allow users to read items in HTML. 


Click Set Default to select the default read views. 


Allowable Compose Views 
Choose from the following settings to determine what compose views you allow the clients to use. 


+ Plain Text (Default): Select this option to allow users to compose items in plain text. 


+ HTML: Select this option to allow users to compose items in HTML. 


Click Set Default to select the default compose views. 
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Disable HTML View 


Turns off the ability to view or compose messages in HTML View. 


Environment Options: File Location 


The File Location options determine the locations of users’ archive directories and the custom views 


directory. 
fe] Environment Options: Sales xÍ 
Novell vibe | Tutorial | Address Book | Conferencing | Reply Format 
Cleanup | Appearance | Retention | Junk Mail l Calendar | 
General | Client Access | Views i E 


Archive Directory 
UNC Path: 


ee | 


Linux Path: | 


pood || 
Custom Views: 


| os | 
Restore Default Settings | 


Archive Directory 


Select the directory to be used for archiving items for the Windows client. Each user must have his or 
her own archive directory. You could choose a location similar to the default location for users’ 
Caching mailbox, for example: 


Windows c:\Documents and Settings\user name\Local Settings\Application Data\ 
XP: Novell\GroupWise\archive 


Windows c:\Users\user_name\AppData\Local\Novell\GroupWise\archive 
Vista: 


Windows 7: c:\Users\user name\AppData\Roaming\Novell\GroupWise\archive 
Linux: /home/login name/gwarchive 


It could also be a personal user directory on a network server. If you select a network drive, make 
sure users have the necessary rights to access the location. 


IMPORTANT: If you want to use a network location, do not specify the same directory for users in 
more than one post office. The names of users’ individual archive directories are based on their FIDs. 
FIDs are unique within a post office, but users in different post offices can have the same FID. 
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Custom Views 


This option applies only if you are using custom views. Select the directory where the views are 
located. The GroupWise product does not include the capability to design custom views, but third- 
party products make use of this feature to support their specialized capabilities. 


Environment Options: Cleanup 


The Cleanup options determine the delete and archive settings for GroupWise items (mail messages, 
phone messages, appointments, tasks, and notes). 


Environment Options: Sales xj 
General | Client Access | Views | File Location 
Novell vibe | | Tutorial | Address Book | Conferencing | Reply Format 


Appearance | Retention | Junk Mail | Calendar 


f Mail and Phone 
(° Manual Delete and Archive E 

| C Auto-Delete after: ER: ays 

| C Auto-Archive after: EJE. ays 


-Appointment, Task, and Note 
| (* Manual Delete and Archive 


C Auto-Delete after: 14 toys 
| C Auto-Archive after: 14 Says 


Empty Trash 


Ei 


C Manual 
(° Automatic after: 7 Less 


FT Do not purge items until they are backed up 


J Prompt user before purging 


F Perform maintenance purges on caching/remote 


Ea Jala 


T Force synchronization of cleanup options to caching/remote 


Restore Default Settings 


Mail and Phone 


Choose from the following settings to determine how mail and phone messages are deleted and 
archived: 


+ Manual Delete and Archive: Select this option to have mail and phone messages deleted or 
archived only when users manually do it. This is the default setting. 


+ Auto-Delete After: Select this option to have GroupWise automatically delete mail and phone 
messages that are older than the specified number of days. If you use this option, you should 
notify users so they know they must archive items they want to save. 


+ Auto-Archive After: Select this option to have GroupWise archive mail and phone messages 
that are older than the specified number of days. Users must have an archive directory specified 
in order for items to be archived. See “Environment Options: File Location” on page 1038 for 
information about setting a default archive directory location. 
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Appointment, Task, and Note 


Choose from the following settings to determine how appointments, tasks, and notes are deleted or 
archived: 


+ Manual Delete and Archive: Select this option to have appointments, tasks, and notes deleted 
or archived only when users manually do it. This is the default setting. 


+ Auto-Delete After: Select this option to have GroupWise automatically delete appointments, 
tasks, or notes that are older than the specified number of days. If you use this option, you 
should notify users so they know they must archive items they want to save. 


+ Auto-Archive After: Select this option to have GroupWise automatically archive appointments, 
tasks, and notes older than the specified number of days. Users must have an archive directory 
specified in order for items to be archived. See “Environment Options: File Location” on 
page 1038 for information about setting a default archive directory location. 


Empty Trash 


Deleted items are moved to the Trash folder. They can be retrieved from the Trash until it is emptied. 
Items in the Trash still take up disk space. Select from the following settings to determine how the 
Trash folder is emptied: 


¢ Manual: Select this option to require the user to manually empty the Trash. This is the default 
setting. 


+ Automatic: Select this option to have GroupWise automatically empty items from the trash after 
they have been in it for the specified number of days. 


Purges 


+ Do Not Purge Items Until They Are Backed Up: Select this option to prevent items that have 
not been backed up from being removed from the Trash. This option is disabled by default. 


Select the Prompt Before Purging option (available only if Do Not Purge Items Until They Are Backed 
Up is disabled) to prompt the user to confirm the purging of any files that have not been backed 
up. 

+ Perform Maintenance Purges on Caching/Remote: On the Disk Space Management page (Tools 
> GroupWise Utilities > Client Options > Send > Disk Space Management) in ConsoleOne, you can 
limit the size of users’ Online mailboxes. You can now enforce the same mailbox size limits on 
users’ Caching and Remote mailboxes, wherever those mailboxes are located. 


The size limit is applied to users’ Caching and Remote mailboxes regardless of the amount of 
available disk space on users’ hard drives. The size limit is applied the next time the GroupWise 
Windows client synchronizes with users’ Online mailboxes. Because users might lose items that 
they have been storing locally when the size limit is enforced, you should warn users that size 
limits are going to be placed on their local Caching and Remote mailboxes. 


Force Synchronization of Cleanup Options to Caching/Remote 
Transfers the cleanup options you set in ConsoleOne to users’ Caching and Remote mailboxes and 


locks them, so that the cleanup options are performed even if users are working in their Caching or 
Remote mailboxes without being connected to the network. 
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Environment Options: Appearance 


The Appearance options determines the appearance of the Group Wise Windows client. 


Environment Options: Sales x| 
General l Client Access | Views | File Location 
Novell vibe | Tutorial Address Book | Conferencing | Reply Format 
Cleanup  : | Retention | Junkmail | Calendar 

Choose a Scheme 
Schemes: [Defaut a 
Choose Individual Settings 
F Display Main Menu ml F Display Folder List io} | 
F Display Nav Bar [oii M Favorites Folder List 
V Simple Folder List 
F Display Main Toolbar on ae 


F Full Folder List 
F Long Folder List 


Sky Blue bd | I Display Quickviewer | 
c at Bottom 


IV Use GroupWise Color Schemes on 


Lx | Cancel | Help | 


Schemes 


There are four available schemes that determine how the GroupWise Windows Client appears. 
+ Default: The Default scheme has a new color scheme and displays the Nav Bar, Full Folder List, 
the Main Menu, and two columns with panels. 


+ GroupWise 6.5: The GroupWise 6.5 scheme has the Folder List, Main Toolbar, and Item List, 
displaying in the old colors. 


+ Simplified: The Simplified scheme has a new color scheme and has the Nav Bar, Simple Folder 
List, and two columns with panels. 


+ Custom: The Custom scheme allows you to set the appearance settings however you like. If you 
edit one of the predefined schemes, those settings become your Custom scheme. 


Individual Settings 


You can also control individual appearance settings for the GroupWise Windows client. 


+ 


Display Main Menu: Displays the menu at the top of the window in the Group Wise client. 
+ Display Nav Bar: Displays the Nav Bar at the top of the window in the GroupWise client. 


+ 


Display Main Toolbar: Displays the toolbar underneath the Navigation bar in the Group Wise 
client. 


GroupWise Color Scheme: Overrides any operating system color schemes for the GroupWise 
client. You can select Blue, Olive Green, Silver, Sky Blue, Spring Green, or Sterling Silver. 
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+ Display Folder List: Displays the Folder list on the left side of the window in the GroupWise 
client. You can select from a Favorites Folder List, Simple Folder List, Full Folder List, or Long 
Folder List. For descriptions, see “Customizing Individual GroupWise Appearance Settings” in 
“Getting Organized” in the GroupWise 2012 Windows Client User Guide. 


* Display OuickViewer: Displays the OuickViewer in the GroupWise client. You can select to 
display the OuickViewer on the right side or at the bottom. 


Environment Options: Retention 


The Retention tab is displayed only if the Provides Message Retention Service setting is turned on for 
a trusted application. For information, see Section 4.12, “Trusted Applications,” on page 90. 


Message retention is configurable only by administrators, not by GroupWise users. The Retention 
options do not display in the GroupWise client. 


Environment Options: Sales xÍ 
General | Client Access | Views | File Location 
Novell Vibe | Tutorial | Addre: 


Cleanup | Appearance Junk Mail | Calendar 


J Enable Message Retention Service "Y 


Description: 


Enable Message Retention Service 


Select this option to enable the Message Retention Service. If you are setting client options for a 
domain, all user mailboxes in the domain support message retention. Likewise, if you are setting 
options for a post office, all user mailboxes in the post office support message retention. After a user's 
mailbox is enabled for message retention, the user cannot perform any action (purging, archiving, 
etc.) that removes messages from the mailbox until the messages have been copied to another storage 
location by a trusted application that has been designed to provide the Message Retention Service. 
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Environment Options: Junk Mail 


The Junk Mail Handling Environment options determine the junk mail handling functionality of the 
GroupWise client. 


fe] Environment Options: Sales xj 
General | Client Access | Views | File Location 
Novell vibe | Tutorial | Address Book | Conf 
Cleanup | Appearance | Retention — i 


Junk Mail Handling 
IM Enable Junk Mail Handling 
J Enable Junk Mail using Junk Mail Lists 
T Enable Junk Mail using Personal Address Book 
T Enable Junk Calendaring using Personal Address Book 


IV Auto-Delete after: 14 Less 


T Enable Blocked Mail using Block Mail Lists 


Restore Default Settings | 


(e 
O] 
(e 
(e 
O] 
O] 


L«_ | Cancel Help 


Junk Mail Handling 


Select Enable Junk Mail Handling to enable junk mail handling. This setting determines whether or not 
the Junk Mail Handling feature is available for a user. This setting affects both the client and the POA. 
Junk Mail Handling allows users to block or “junk” unwanted Internet email. When this setting is 
disabled, the client does not display any Junk Mail Handling menus or dialog boxes, and the POA 
does not perform any junk mail handling for the user. When this setting is enabled, the client displays 
Junk Mail Handling menus and dialog boxes, and the POA performs junk mail handling if the block 
and junk lists are also enabled. 


Enable Junk Mail Using Junk Mail Lists 


Select this option to cause junking based on email addresses and domain names available to users. A 
user can junk email from a specific Internet email address or from an entire Internet domain, when 
the email addresses and Internet domains are listed in the user’s Junk List. (Initially, there are no 
entries in a user’s junk list.) Junked items are delivered to the Junk Mail folder in the user’s Mailbox. 


When this setting is enabled or disabled and not locked, the user’s initial setting to use the Junk List is 
enabled or disabled. Users can change the setting. When the setting is enabled and locked, a user's 
Enable Junk List setting is enabled and cannot be disabled. When the setting is disabled and locked, 
the Junk List is unavailable to the user. Client menu options and dialog boxes involving the Junk List 
are not displayed. 


Setting Defaults for the GroupWise Client Options 1043 


Enable Junk Mail Using Personal Address Book 


Select this option to cause junking based on personal address book entries available to users. A user 
can junk email from all users whose addresses are not in any personal address books (including 
Freguent Contacts) without building a Junk List. 


When this setting is enabled or disabled and not locked, the user's initial setting to use personal 
address books is enabled or disabled. Users can change the setting. When the setting is enabled and 
locked, a user's Enable Junk Mail Using Personal Address Book setting is enabled and cannot be disabled. 
When the setting is disabled and locked, this option is unavailable to the user. 


Enable Junk Calendaring Using Personal Address Book 


Select this option to make junking of calendar items based on personal address book entries available 
to users. A user can junk calendar items from all users whose addresses are not in any personal 
address books (including Freguent Contacts) without building a Junk List. 


Auto-Delete After 


Select this option and specify the number of days after which you want junked items to be 
automatically deleted from users' mailboxes. The default is 14 days. 


When this setting is enabled or disabled and not locked, the user's initial setting to delete junked 
items is enabled or disabled. Users can change the setting. When the setting is enabled and locked, a 
user's Automatically Delete Items setting is enabled and cannot be disabled. When the setting is 
disabled and locked, this option is unavailable to the user. 


Enable Blocked Mail Using Block Mail Lists 


Select this option to make blocking available to users. A user can block email from an Internet email 
address or Internet domain, when blocked email addresses and Internet domains are listed in the 
user's Block List. (Initially, there are no entries ina user's Block List.) Blocked items are blocked when 
the POA processes delivery to the user's mailbox, and the items are never delivered to the user's 
mailbox. When the POA log uses verbose mode, the log displays information about blocked items. 


When this setting is enabled or disabled and not locked, the user's initial setting to use the Block List 
is enabled or disabled. Users can change the setting. When the setting is enabled and locked, a user's 
Block List setting is enabled and cannot be disabled. When the setting is disabled and locked, 
blocking is unavailable to the user. Client menu options and dialog boxes involving the Block List are 
not displayed. 
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Environment Options: Calendar 


The Calendar options enable various types of calendar publishing for GroupWise users. 


Environment Options: Sales xj 
General l Client Access l views | File Location 
Novell vibe | Tutorial | Address Book | Conferencing | Reolv Format | 
Cleanup | Appearance | Retention | JunkMal | Ë 
Web Calendar Publishing Host: 
Windows Calendar Publishing Host hi oli | 
Calendar publish control 
F Enable calendar publishing Di Ga 
IV Enable rules to move items to a published calendar SA 
-Free/Busy search publish control — — 
[M Enable publish free/busy search oi | 
Calendar subscribe control 
I Enable subscribe to calendar ol Ga] 
Restore Default Settings | 


Web Calendar Publishing Host 


Select the Calendar Publishing Host for this domain or post office from the drop-down list. For setup 
instructions, see “Installing the GroupWise Calendar Publishing Host” in the GroupWise 2012 
Installation Guide. 


Enable Calendar Publishing 


Select this option to let users publish personal GroupWise calendars on the Internet. When calendar 
publishing is enabled, users of the Group Wise Windows client and GroupWise WebAccess can right- 
click a personal calendar, then click Publish to select options for publishing a personal calendar. 


Enable Rules to Move Items to a Published Calendar 


Select this option to allow users to create rules that move specific items to a published GroupWise 
calendar. Rules are disabled by default. 


Enable Publish Free/Busy Search 


Enable this option to allow users to make their appointment information available to external users, 
so that external users can perform Free/Busy Searches on users' GroupWise calendars. Free/Busy 
searching is disabled by default. 


Enable Subscribe to Calendar 


Select this option to allow users to subscribe to Internet calendars that are updated on a regular basis, 
such as calendars for sporting events. Calendar subscription is enabled by default. Calendar 
subscription can be enabled even if no Calendar Publishing Host has been selected. 
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Environment Options: Novell Vibe 


The Novell Vibe options provide access to a Novell Vibe site for GroupWise users. Novell Vibe 
enhances GroupWise by providing easy document management and sharing, team calendars and 
task lists, workflows, discussion threads, wikis, blogs, and RSS feeds. 


Environment Options: Development xÍ 
Cleanup | Appearance | Retention | JunkMail | Calendar 


General | Client Access | Views | File Location 
Novell Vibe | Tutorial | Address Book | Conferencing | Reply Format 


(Example: https://vibe, novell, com/sst/ws/Teamingservicey1) 


Restore Default Settings 


Cancel Help 


Enable Novell Vibe 


Select this option to provide GroupWise Windows client users with a Novell Vibe folder in their 
mailboxes. The Novell Vibe folder links to the Novell Vibe site associated with your GroupWise 
system. For more information, see “Enabling GroupWise/Vibe Integration for GroupWise Windows 
Client Users” in “Novell Vibe” in the GroupWise 2012 Interoperability Guide. 


Novell Vibe URL 
Specify the URL of the Novell Vibe site. The following format is required: 
http://vibe_server:port_number/ssf/ws/TeamingServiceV1 


Replace vibe_server with the base URL of the server where Novell Vibe is running. If you are using 
the default port number, specifying port_number is optional. The remainder of the URL provides 
GroupWise with information it needs in order to display the Vibe site correctly within GroupWise 
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Environment Options: Tutorial 


The Tutorial option provides the ability to change the URL that is displayed when the user clicks Help 


> Training and Tutorials in the Group Wise Windows client. 


fe] Environment Options: Sales x| 
Cleanup | Appearance | Retention | JunkMail | Calendar 


General 


Bi Client Access Views File Location 
Novell vibe | il 


i| Address Book | Conferencing | Reply Format 


Training and Tutorials URL: 
Restore Default Settings | 


Training and Tutorial URL 
The default URL is: 


http://www.novell.com/products/groupwise/brainstorm_training/index.html (http:// 
www.brainstorminc.com/landing/product-integration/novell/gw-2012-guickhelp.aspx) 


If you purchase more in-depth training from BrainStorm, or you want to provide your own 
customized training materials for your GroupWise users, you can specify the URL that Help > 
Training and Tutorials displays. 


Specify the URL for a custom training and tutorial Web page. 
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Environment Options: Address Book 


The Address Book options enable you to control how users configure the functioning of their 
Freguent Contacts address books. You can also control whether users can create custom columns in 


their personal address books. 


Environment Options: Sales x| 
Cleanup | Appearance | Retention | JunkMail | Calendar 
General | Cli Views | File Location 


Novell vibe | Tutorial 71 Conferencing | Reply Format 


Frequent Contacts 


IM Enable auto-saving SR] 


[ Save addresses of items that are received 
T From external sources (Internet) 
J From internal sources 
F Only if my name or ID is in the ‘To; Field 


IV Save addresses of items that are sent 
F To external sources (Internet) 


[V To internal sources 


IV Allow creation of User Defined Fields in the Personal Address Book 


Restore Default Settings 


Enable Auto-Saving 


By default, email addresses of those to whom users send messages are automatically added to their 
Frequent Contacts address books. Users can also choose to automatically save email addresses of 
those from whom they receive messages. Deselect this option if you do not want email addresses to 
be automatically saved. 


+ Save Addresses of Items That Are Received: Select this option to allow users to automatically 
add external and internal email address from items that they receive to their Frequent Contacts 
address books. If desired, you can restrict users to collecting email addresses only if the user’s 
name or email address appears in the To field, as opposed to the CC or BC fields. 


+ Save Addresses of Items That Are Sent: Select this option to allow users to automatically add 
external and internal email address from items that they send to their Frequent Contacts address 
books. 


Allow Creation of User Defined Fields in the Personal Address Book 


Select this option to allow users to create custom columns in their personal address books. 


Environment Options: Conferencing 


The Novell Conferencing product is being discontinued. 
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Environment Options: Reply Format 


In the GroupWise Windows client, users can set the format that they want to use for replies to 
GroupWise items, as described in “Setting the Default Reply Format” in “Email” in the GroupWise 
2012 Windows Client User Guide. The Reply Format options in ConsoleOne control which reply format 
options are available to users in the GroupWise client. 


Environment Options: Sales xj 


Cleanup | Appearance | Retention | JunkMail | Calendar 
General Client Access Views File Location 
Novell vibe | Tutorial | Address Book | Conferencing 


Plain text reply format: r First line of reply contains: 


@ GroupWise classic ay | M >>> 
C Include headers F Date 
C Internet standard 


Separator: > e | 
| 


M Message identifier 


M User 


SEVEN IE 


-Type my reply: 
| 
Tap f Bottom - MJ Emailladdress 
HTML reply format: First line of reply contains: | 
@ GroupWise classic ay | M >> 
| 
C HTML enhanced [7 Date 


Type my reply: — 


Include headers 
us i S| M Message identifier 
1 


lll ed 214 


Plain Text Reply Format 


+ GroupWise Classic: Provides separator characters, original sender, date, and time. 


* Include Headers: Allows the selection of the separator character; provides the original sender, 
recipient, date, time, and subject. 


+ Internet Standard: Allows the selection of the separator character; allows you to include the 
original sender, email address, date, time, and message identifier. 


+ Type My Reply: Select Top or Bottom if you selected Include Headers or Internet Standard above. 


* First Line of Reply Contains: Select one or more pieces of information to include in the first line 
of the reply. 


HTML Reply Format 


+ GroupWise Classic: Provides separator characters, original sender, date, and time. 


+ HTML Enhanced: Allows the selection of the separator character; allows you to include the 
original sender, email address, date, time, and message identifier. Select Include Headers to 
provide the original sender, recipient, date, time, and subject instead. 


+ Type My Reply: Select Top or Bottom if you selected Include Headers above. 
ype My Reply p y 


* First Line of Reply Contains: Select one or more pieces of information to include in the first line 
of the reply. 


Setting Defaults for the GroupWise Client Options 1049 


76.2.2 Modifying Send Options 


1 If the Send Options dialog box is not displayed, follow the instructions in Section 76, “Setting 
Defaults for the GroupWise Client Options,” on page 1025 to display the dialog box. 


Send Options: Development 


=o) 
{Send Options | Mail | Appt | Task || Note | Security | Disk Space Mgmt | Global Signature 


Classification 
(Expiration date 


| Normal v A 


E 


Priority 


O High [] Delay delivery 


© Standard |v 


E 


O Low Wildcard Addressing 


[C Reply requested 


Limited to post office 


< 


Notify recipients 


C] Convert attachments 


MIME Encoding 
[C] Allow reply rules to loop 
[a] 


[utF-s v 
I~) 


Allow use of "Reply to all" in rules Restricted Attachment Extensions (space delimited) 


[V] Allow use of "Internet mail" tracking 


Restore Default Settings 


Maximum Recipients Allowed 0 


2 Click the tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Send Options: Send Options” on page 1051 

“Send Options: Mail” on page 1053 

“Send Options: Appointment” on page 1054 

“Send Options: Task” on page 1055 

“Send Options: Note” on page 1056 

“Send Options: Security” on page 1057 

“Send Options: Disk Space Management” on page 1059 
“Send Options: Global Signature” on page 1060 


3 If you want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, the 
post office level, or the user level. 


4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When you are finished, click OK to save your changes. 
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Send Options: Send Options 


The Send Options determine general settings that apply to all GroupWise item types (mail messages, 
phone messages, appointments, tasks, and notes). 


Send Options: Development 
{Send Options i Mail | Appt | Task | Note | Security | Disk Space Mgmt || Global Signature 


Classification 


Expiration date 


E 


| Normal 


Ad 
Priority 


O High 


Delay delivery 


E 


© Standard 
© Low 


[C Reply requested 


Wildcard Addressing 


$] 


Limited to post office 


[M] Notify recipients 


C Convert attachments 
MIME Encoding 


[O Allow reply rules to loop 
UTF-8 


0 [a] 


E) 
ly) 
Restricted Attachment Extensions (space delimited) 


Maximum Recipients Allowed 


Allow use of "Reply to all" in rules 


v] Allow use of “Internet mail" tracking 


Restore Default Settings 


Classification 


Select the default for the security classification label at the top of the message box. The classifications 
do not provide any encryption or additional security. They are meant to alert the recipient to the 
relative sensitivity of the item. The options are Normal, Proprietary, Confidential, Secret, Top Secret, and 
For Your Eyes Only. The default is Normal. 


Priority 


Select High, Standard, or Low as the default item priority. Priority determines which post office 
directory an item is placed in. This, in turn, determines how quickly items are delivered. High 
priority items are queued ahead of normal or low priority items. 


Reply Requested 


Select the Reply Requested option to have items always include a reply request. By default, this option 
is disabled. If you enable the option, select whether the recipient is asked to reply when it is 
convenient or within a specific number of days. 


MIME Encoding 


Select the default MIME encoding for all outgoing messages. The MIME encoding is used to specify 
the character set that is used for all outgoing messages. This is important when your company has 
users who are using different character sets. For more information, see Section 7.4, “MIME 
Encoding,” on page 125. 
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Allow Use of “Reply to All” in Rules 


Select this option to enable users to use the Reply to All action when creating rules. By default, this 
option is disabled, which means that only the Reply to Sender action is available. 


Allow Use of “Internet Mail” Tracking 


Select this option to allow users’ Group Wise clients to automatically embed information in Internet- 
bound items. The embedded information instructs the receiving system to send back a delivery 
notification message (if it is supported). By default, this option is enabled. 


For this option to work, the Enable Delivery Confirmation option must be enabled in the GroupWise 
client (Tools > Options > Send Options > Mail > Enable Delivery Confirmation). This is the default setting. 


Expiration Date 


Select this option to have unopened messages expire after the specified number of days. By default, 
this option is disabled. 


Delay Delivery 


Select this option to delay the delivery of messages for the specified number of days. For example, if 
you specify 3 days, a message is not delivered until 3 days after the day it is sent. Messages are 
delivered at 12:01 a.m. of the appropriate day. By default, this option is disabled. 


Wildcard Addressing 


Wildcard addressing enables a user to send an item to all users in a post office, domain, GroupWise 
system, or connected GroupWise system by inserting asterisks (*) as wildcards in email addresses. 


+ Not Allowed: Select this option to disable wildcard addressing. 


* Limited to Post Office (Default): Select this option to limit wildcard addressing to the user's 
post office. This means that a user can send an item to all users on the same post office by 
entering * in the item’s address field. 


¢ Limited to Domain: Select this option to limit wildcard addressing to the user’s domain. This 
means that a user can send an item to all users in the domain by entering *.* in the item’s address 
field. A user can also send an item to all users on another post office in the domain by entering 
* post_office_name in the item’s address field. 


* Limited to System: Select this option to limit wildcard addressing to the user's GroupWise 
system. This means that a user can send an item to all users in the GroupWise system by 
entering *.*.* in the item’s address field. A user can also send an item to all users in another 
domain by entering *.domain_name or to all users in another post office by entering 
* post_office_name. 


+ Unlimited: Select this option to allow unlimited use of wildcard addressing. This means that a 
user can send an item to all users in another GroupWise system by entering 
* post_office_name.domain_name or *.domain_name in the item’s address field. 


Notify Recipients 


Select this option to have recipients notified when they receive an item, if they are using GroupWise 
Notify. By default, this option is enabled. 
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Convert Attachments 


Select this option to allow conversion of attachments in items sent to non-GroupWise email systems 
through a Group Wise gateway. 


Allow Reply Rules to Loop 


By default, GroupWise does not allow a rule-generated reply to be replied to by another rule- 
generated reply. This situation, referred to as looping, can guickly increase message traffic. To allow 
reply rules to loop, select this option. 


Maximum Recipients Allowed 


By default, users can send messages to any number of recipients. To prevent users from sending 
messages to very large numbers of users, perhaps using groups, distribution lists, or wildcard 
addressing, specify the maximum number of recipients that a message can be sent to. If users exceed 
the specified maximum, they receive an error instructing them to remove recipients and try again. 


Restricted Attachment Extensions 


To prevent users from sending specific types of attachments, such as executables, media files, and so 
on, specify the file extensions that cannot be attached to messages. If users attach a restricted file type, 
they receive an error indicating the file type restriction, so that they can remove the attachment. 


Send Options: Mail 
The Mail options apply to mail and phone messages only. 


KS Send Options: Development 


pt | Task | Note | Security | Disk Space Mgmt | Global Signature | 


IV Create a sent item to track information om 
C Delivered 
© Delivered and opened 
© All information 

I Auto-delete sent item 


Return Notification 
When opened 


None 2i 


When deleted 


None SI 
Restore Default Settings 


Co Joe | re 
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Create a Sent Item to Track Information 


By default, items the user sends are inserted in the user's Sent Items folder. Deselect this option if you 
do not want the items placed there. If items are not placed in the Sent Items folder, users cannot check 
the delivery status of the item. The following options are available only if this option is selected. 


+ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the message to view the status. 


+ Delivered and Opened (Default): Select this option to track delivered and opened status only. 
The user can open the Properties window of the sent message to view the status. 


+ All Information: Select this option to track all status information (delivered, opened, deleted, 
emptied). The user can open the Properties window of the message to view the status. 


+ Auto-Delete Sent Item: Select this option to automatically delete messages from the user's 
Mailbox after all the recipients have deleted the messages and emptied them from the Trash. 


Return Notification 


In addition to status tracking information, the user can receive notification when a message is opened 
or deleted. Choose from the following notification options: 


+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened or deleted the 
message. 

+ Notify: The user receives notification through GroupWise Notify when the recipient opens or 
deletes the message. 


+ Notify and Mail: The user will receive notification through GroupWise Notify and a mail 
message. 


Send Options: Appointment 
The Appointment options apply to appointments only. 


Send Options: Development 


Send Options | Mail i? | Task | Note | Security | Disk Space Mgmt | Global Signature 


r 


C Delivered 
© Delivered and opened 


© All information 


Return Notification 
When opened When accepted 


[None x] S| [None z] 5 | 
When deleted 


None = S 
Restore Default Settings 


Co | Cancel Help 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. If the option is enabled, you can choose from the following status tracking 
levels: 


+ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the appointment to view the status. 


+ Delivered and Opened: Select this option to track delivered and opened status only. The user 
can open the Properties window of the appointment to view the status. 


+ All Information (Default): Select this option to track all status information (delivered, opened, 
deleted, emptied). The user can open the Properties window of the appointment to view the 
status. 


Return Notification 


In addition to status tracking information, the user can receive notification when an appointment is 
opened, accepted, or deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened, accepted, or 
deleted the appointment. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens, 
accepts, or deletes the appointment. 


+ Notify and Mail: The user receives notification through GroupWise Notify and a mail message. 


Send Options: Task 
The Task options apply to tasks only. 


Send Options: Development 


Send Options | Mail | Appt | note | Security | Disk Space Mgmt | Global Signature 


F 


C Delivered 
© Delivered and opened 


@ All information 


Return Notification 
When opened When accepted 


[None zi on None 


When deleted When completed 


[None xi ay None 
Restore Default Settings 


[_x | Cancel Help 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. If the option is enabled, you can choose from the following status tracking 
levels: 


+ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the task to view the status. 


+ Delivered and Opened: Select this option to track delivered and opened status only. The user 
can open the Properties window of the task to view the status. 


+ All Information (Default): Select this option to track all status information (delivered, opened, 
deleted, emptied). The user can open the Properties window of the task to view the status. 


Return Notification 


In addition to status tracking information, the user can receive notification when a task is opened, 
accepted, completed, or deleted. Choose from the following notification options: 
* None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened, accepted, 
completed, or deleted the task. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens, 
accepts, completes, or deletes the task. 


+ Notify and Mail: The user receives notification through GroupWise Notify and a mail message. 


Send Options: Note 
The Note options apply to notes only. 


Send Options: Development 


Send Options | Mail | Appt | Task Security | Disk Space Mgmt | Global Signature 


Fr 


C Delivered 
© Delivered and opened 


© All information 


Return Notification 
When opened When accepted 


None z] on [none x] [oi 
When deleted 


None há S 
Restore Default Settings 


[_x | Cancel Help 
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Create a Sent Item to Track Information 


The setting for this option is inherited from the setting on the Mail tab; it can only be enabled or 
disabled on the Mail tab. If the option is enabled, you can choose from the following status tracking 
levels: 


+ Delivered: Select this option to track delivered status only. The user can open the Properties 
window of the note to view the status. 


+ Delivered and Opened (Default): Select this option to track delivered and opened status only. 
The user can open the Properties window of the note to view the status. 


+ All Information: Select this option to track all status information (delivered, opened, deleted, 
emptied). The user can open the Properties window of the note to view the status. 


Return Notification 


In addition to status tracking information, the user can receive notification when a note is opened or 
deleted. Choose from the following notification options: 
+ None (Default): The user does not receive notification. 


+ Mail Receipt: The user receives a mail message stating that the recipient opened or deleted the 
note. 


+ Notify: The user receives notification through GroupWise Notify when the recipient opens or 
deletes the note. 


¢ Notify and Mail: The user receives notification through GroupWise Notify and a mail message. 


Send Options: Security 


The Security options apply to all GroupWise item types (mail messages, phone messages, 
appointments, tasks, and notes). 


Send Options: Development 
Send Options | Mail | Appt | Task | Note 


[ Conceal subject 


[7 Require password to complete routed item 
Secure Item Options 
I Do not allow use of S/MIME 


URL for certificate download: 


(Note: Internet Addressing must be configured for the following 
options to work correctly), 


I Sign digitally 


J” Encrypt for recipients 


Restore Default Settings 


Cox | Cancel Help 
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Conceal Subject 


Select this option to conceal the item’s subject so the notification that appears on the recipient’s screen 
does not include the subject. The subject of the item is also concealed in the recipient’s mailbox and 
the sender’s Sent Items folder. It is visible only when the item is being read. 


Require Password to Complete Routed Item 


Select this option to require a user to enter a password before completing a routed item. 


Secure Items Options 


If users have installed security providers on their workstations, select the options you want them to 
use. 


* Do Not Allow Use of S/MIME: Select this option to disable S/MIME functionality. This disables 
the Encrypt and Digitally Sign buttons (and other related S/MIME functionality) in the 
GroupWise client. By default, this option is enabled. When it is enabled, you can modify the rest 
of the options in the dialog box. 


+ URL for Certificate Download: Specify the Internet address of your preferred certification 
authority. If it is not otherwise changed in this field, the GroupWise client accesses http:// 
www.novell.com/groupwise/certified.html, which lists several common certification authorities. 


+ Sign Digitally: Select this option to enable users to add a digital signature to their outgoing 
messages. Recipients of a digitally signed item who have S/MIME-enabled email products are 
able to verify that the item is actually from the sender. This setting is not a useful security 
measure unless you lock it as the default. 


+ Encrypt for Recipients: Select this option to enable users to encrypt an outgoing item so they 
can ensure that the intended recipients who have an S/MIME-enabled email product are the only 
individuals who can read the item. This setting is not a useful security measure unless you lock 
it as the default. 


If you enable the Encrypt for Recipients options, you can set the encryption algorithm and key 
size. The available algorithm methods (RC2, RC4, DES, 3DES) are trusted algorithms that 
encrypt or transform data to mask the original content. The key size sets the default size (in bits) 
of the encryption key that is used with the algorithm you select. These settings are not useful 
security measures unless you lock them. 


1058 GroupWise 2012 Administration Guide 


Send Options: Disk Space Management 
The Disk Space Management options let you enforce disk space limitations for users on a post office. 


Send Options: Development 


Send Options | Mail | Appt | Task | Note | Security Disk Space Mont | Global Signature 
mme 
Mailbox size lirit: 0 = MB 


Threshold for warning users: 0 4 % 


Maximum send message size: 0 3 KB 


I Limits apply to cache AP 


[ Notify the administrator when threshold limit is exceeded ol 


[ Notify the administrator when size limit is exceeded S 


Restore Default Settings 


User Limits 


Select this option if you want to impose limits on the size of users’ mailboxes or the size of messages 
they can send. By default, this option is disabled, so there are no size limits. If you enable it, you can 
modify the following options: 


+ Mailbox Size Limit: Specify the maximum amount of post office disk space available to each 
user for storing message and attachment files. The setting uses logical disk space because 
attachments are shared by all recipient users on the same post office. Messages in shared folders 
are counted as disk space only for the owner of the shared folder. If you do not want to limit the 
mailbox size, set the value to zero (0). The physical maximum size limit for a mailbox is 4 TB. 


If users meet or exceed their mailbox size limits, they cannot send items until their mailboxes are 
under the size limit. Users can reduce the size of their mailboxes by deleting or archiving items. 


* Threshold for Warning Users: Select the mailbox capacity (as a percentage) that must be 
reached before the user is warned that his or her mailbox is reaching its limit. For example, if the 
mailbox size limit is 200 MB and the threshold is set at 75%, users receive warnings when their 
mailboxes reach 150 MB. Set the value to 0 or 100 if you do not want users to receive a warning. 


+ Maximum Send Message Size: Specify the maximum size of a message (in kilobytes) that a user 
can send using the GroupWise client. If the user sends an item that exceeds this size, a message 
notifies the user that the item is too large to send. 


You can also set message size limits at the post office level through POA configuration, at the 

domain level through MTA configuration, and at the GroupWise system level through GWIA 
configuration, as described in Section 12.3.5, “Restricting the Size of Messages That Users Can 
Send,” on page 201. 
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+ Limits Apply to Cache: Select this option to prevent users from sending from their Caching or 
Remote mailboxes when their Caching or Remote mailboxes exceed the limits you have set for 
Online mailboxes, as described in Section 12.3.4, “Enforcing Mailbox Size Limits,” on page 200. 
You can use this option in conjunction with the Perform Maintenance Purges on Caching/Remote 
option to control the size of users’ Caching and Remote mailboxes. 


If you impose this limit on users who have existing Caching or Remote maïlboxes, their Caching 
or Remote mailboxes might be reduced in size in order to meet the new disk space limit. Such 
users should be warned in advance so that they can back up their Caching or Remote mailboxes 
before the size reduction takes place. Otherwise, users could lose messages that they want to 
keep. 


+ Notify the Administrator When Threshold Limit Is Exceeded: Select this option so that the 
administrator is notified along with the user when the user's mailbox exceeds the size 
established in the Threshold for Warning Users field. The administrator who receives the 
notification must be defined on the Identification page of the Domain object. 


+ Notify the Administrator When Size Limit Is Exceeded: Select this option so that the 
administrator is notified when the user's mailbox exceeds the size established in the Mailbox Size 
Limit field. The administrator who receives the notification must be defined on the Identification 
page of the Domain object. 


Send Options: Global Signature 


The Global Signature option lets you set the global signature. To set options at the domain level, select 
a domain. To set options at the post office level, select a post office. To set options for individual 
users, select one or more users. 


Send Options: Provoi 
Send Options | Mail | Appt | Task | Note | Security | Disk Space Mgmt 


Global Signature 
|<Detautt Global Signature> zl [ol 
c 5 | 


ce 


Restore Default Settings 


[ 8 |] Cancel Help 


Global Signature 


1 Selecta global signature to append to users” messages. 


When enabled, global signatures are automatically appended to every message that is sent by 
the users. For more information, see Section 4.14, “Global Signatures,” on page 94. 


2 Select Apply the signature to all messages to add the signature to all internal or external messages. 
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Or 


Select Apply signature to external messages only to apply the signature to messages that are sent 
through the GWIA. 


If you select Default Global Signature, the default signature that is used by the GWIA is applied. If you 
select None, then no signature is applied. 


NOTE: All Global Signature options pertain only to the Windows client. 


76.2.3 Modifying Documents Options 


1 Ifthe Documents Options dialog box is not displayed, follow the instructions in Section 76, 
“Setting Defaults for the GroupWise Client Options,” on page 1025 to display the dialog box. 


KS Document Management Options: Manage... 


SA 
į Library Configuration į 


Default library: 


<None> 


Restore Default Settings 


2 Select the default library, then click OK to save your changes. 


For information about libraries and document management, see Part VII, “Libraries and 
Documents,” on page 313. 


76.2.4 Modifying Security Options 


1 Ifthe Security Options dialog box is not displayed, follow the instructions in Section 76, “Setting 
Defaults for the GroupWise Client Options,” on page 1025 to display the dialog box. 


Security Options: Management 


re, 
{Password | Macros | Notify 


Allow password caching 


Use eDirectory authentication instead of password 


Enable single sign-on 


Use Collaboration Single Sign-on (CASA) 


Restore Default Settings ] 


Setting Defaults for the GroupWise Client Options 1061 


2 Clickthe tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Security Options: Password” on page 1062 
“Security Options: Macros” on page 1064 
“Security Options: Notify” on page 1064 


3 If you want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, the 
post office level, or the user level. 


4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When you are finished, click OK to save your changes. 


Security Options: Password 


The Password options let you reset a user's password and enable various methods by which a user can 
set up the GroupWise client so that he or she does not have to enter a password at startup. 


Security Options: Management 


ne, 
{Password || Macros | Notify 


Allow password caching 


Use eDirectory authentication instead of password 


Enable single sign-on 


Use Collaboration Single Sign-on (CASA) 
Restore Default Settings 


For background information about passwords, see Chapter 82, “GroupWise Passwords,” on 
page 1099. 


Enter New Password 


This option is available only when setting client options for an individual user. You can use this 
option to set or reset a user's password. You should advise the user to change the password as soon 
as possible. 


Retype Password 


This option is available only when setting client options for an individual user. If you enter a new 
password, verify it by retyping it in this field. 
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Clear User Password 


This option is available only when setting client options for an individual user. If a user forgets his or 
her personal password, select this option to clear the password. The user can then enter a new 
password at his or her discretion. In a high security post office, it might be necessary to set a new 
password after clearing the old one. 


Allow Password Caching 


Select this option to allow users to enable the Remember My Password option under Security options in 
the GroupWise client. The Remember My Password option stores the user's password in the 
workstation's Windows password list so that the user does not need to enter the password when 
starting GroupWise. This option is disabled by default. 


This option applies only to older GroupWise clients running on older Windows versions, such as 
Windows 2000 and earlier, which are not supported for the GroupWise 2012 Windows client. 


Allow eDirectory Authentication Instead of Password 


Select this option to allow users to select the No Password Reguired with eDirectory option under 
Security options in the GroupWise client. When this option is selected in the client, the user can 
access his or her mailbox without reguiring a password if he or she is already logged in to Novell 
eDirectory. Mailbox access is granted based on eDirectory authentication, not on password 
information. This option is available only if eDirectory authentication is enabled for the post office, as 
described in Section 11.2.11, “Selecting a Post Office Security Level,” on page 180. 


NOTE: In versions of GroupWise prior to the GroupWise 5.5 Enhancement Pack, this option was 
called Allow NDS Single Sign-on. The option name has been changed to avoid confusion with the 
Novell Single Sign-on product. 


Enable Single Sign-On 


Select this option to give users the Use Single Sign-on option under Security Options in the GroupWise 
client. This option lets the user access his or her mailbox without reentering the password. After a 
user selects Use Single Sign-On in the GroupWise client, the GroupWise password is stored in 
eDirectory for the currently logged-in user. 


IMPORTANT: Novell Single Sign-on must be installed on the user's workstation in order for this 
option to take effect. 


Use Collaboration Single Sign-on (CASA) 


Select this option to give users the Use Collaboration Single Sign-on (CASA) option under Security 
Options in the Group Wise Windows client. This option lets the user access his or her mailbox without 
reentering the password if the Collaboration Single Sign-on (CASA) software is installed. After a user 
selects Use Collaboration Single Sign-On (CASA) in the GroupWise client and if the CASA client is 
installed, the GroupWise password is stored for the currently logged-in user. 
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Security Options: Macros 


The Macros option determines how GroupWise handles macros that are included in received 
messages. 


Security Options: Development 


Password (Mi 


View Macro Security 


C Always Play Received Macros 
C Never Play Received Macros 


(© Always Prompt before Playing a Macro 


Restore Default Settings: 


| Cancel | Help 


View Macro Security 
Choose from the following settings to determine the level of macro security: 
+ Always Play Received Macros: Select this option to play attached macros when the message is 
opened. 
+ Never Play Received Macros: Select this option to ignore attached macros. Macros do not play. 


+ Always Prompt Before Playing a Macro (Default): Select this option to have the user prompted 
to play the macro. 


Security Options: Notify 


The Notify option determines how often GroupWise Notify checks a user's mailbox for newly 
received items. If new items are detected, the user is notified. The default is every minute. 


Security Options: Development 


Password | Macros | 
Settings 


Check tor mail every 1 < hintes om 
Restore Default Settings 
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76.2.5 Modifying Calendar Options 


1 Ifthe Calendar Options dialog box is not displayed, follow the instructions in Section 76, 
“Setting Defaults for the GroupWise Client Options,” on page 1025 to display the dialog box. 


Calendar Options: Sales x| 


5 M i w M JF 5 
First of week: 9 n s «e [ 
Highlight day: d os od og m wp od |. 
TF Show week number [| 
Appointment Options ; Alarm Options 
IV Include myself on new appointments gl F Set alarm when accepted Kiil 
Display appointment length as: | Default alarm time: [5 minutes 


@ Duration 


© End date and time 


Default length: 1 hours 0 $jminutes Al 


Work Schedule 


Start time: {8:00 AM oil | Work days: en 
Endtime: [5:00 Pm ol | 5 M T WT F 5 


x a a da y y m 


Restore Default Settings | 


Oomi | me | 


2 Clickthe tab that contains the options you want to change. Refer to the following sections for 
information about options: 


“Calendar Options: General” on page 1066 
“Calendar Options: Busy Search” on page 1067 


3 If you want to prevent users from changing an option’s setting, click the lock button next to it. 


After you click it, the lock button indicates whether the setting is locked at the domain level, the 
post office level, or the user level. 


4 If you want to return all the options on a tab to their default settings, click Restore Default 
Settings. 


5 When you are finished, click OK to save your changes. 
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Calendar Options: General 
The General options determine basic settings for the GroupWise Calendar. 


Date Time Options: Provo2 


First of week: 


Highlight day: 
D Show week number 


Appointment Options Alarm Options 


IV Include myself on new appointments S [ol 


Display appointment length as: IV Set alarm when accepted 


© Duration (OJ Default alarm time: 
© End date and time 5 Sprintes 
Default length: 1 hours 0 hinutes S 
Work Schedule 
Start time: 13:00 AM S Work days: 
Endtime: [5:00PM cf 


Restore Default Settings 


Cx | Cancel Help 


Month Display Option 
Select from the following options to determine how the month calendar is displayed: 
* First of Week: Select the day of the week that you want to display as the first day on the 
calendar. 
+ Highlight Day: Select any days you want highlighted, such as weekends and holidays. 


* Show Week Number: Select this option to display the week number (1 through 52) at the 
beginning of the calendar week. 


Appointment Options 
Select from the following options to determine how appointments are handled: 


+ Include Myself on New Appointments: Select this option to have the sender automatically 
included in the appointment's To: list. This option is enabled by default. 


+ Display Appointment Length As: When creating an appointment, the sender must specify the 
appointment's length. You can use this option to determine whether the sender enters a duration 
for the appointment or an end time for the appointment. Select the Duration setting to have 
appointments display a Duration field that the sender must fill in (for example, 30 minutes, 1 
hour, or 10 hours). Select the End Date and Time setting to have appointments display End Date 
and Time fields that the sender must fill in (for example, June 3, 2010 and 10:00 a.m.). The default 
setting is Duration. 
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+ Default Length: Select the default length for appointments. Users can change the length. If the 
appointment's length is displayed as a duration, the duration defaults to this length. Ifit is 
displayed as an end date and time, the end time defaults to the start time plus the default length 
(for example, if the start time is 9:00 a.m. and the default length is 1 hour, the end time defaults 


to 10:00 a.m). 


Alarm Options 


Users can set appointment alarms so that they are notified prior to an appointment time. Select from 
the following options to determine the default settings for an alarms: 


+ Set Alarm When Accepted: Select this option to have an alarm automatically set when the user 
accepts an appointment. By default, this option is enabled. 


+ Default Alarm Time: Select the number of minutes before an appointment to notify the user. 


The default is 5 minutes. 


Work Schedule 


The work schedule determines the user's normal work days and hours. In the calendar and during 
busy searches, any days or hours outside of the work schedule are represented by gray sguares (Out 
of Office). Users can still be scheduled for appointments during non-work hours. 


+ Start Time: Select the daily start time. The default is 8:00 a.m. 
* End Time: Select the daily end time. The default is 5:00 p.m. 


+ Work Days: Select the work days. The start time and end time are applied to each work day. 


Calendar Options: Busy Search 


The Busy Search options determine the amount of free time reguired for the appointment and the 


range of dates to search. 


KE calendar Options: Sales x| 


Appointment Length 


Appointment Length 0 hours 15 minutes [oii 


Range and Time to Search — — 


Search Range: 7 Says ay 
From: 8:00 AM on 
To: 5:00 PM ai 

Restore Default Settings 


Days to Search 


IV Monday oii 


IV Tuesday 
F Wednesday 
F Thursday 
F Friday 


T Saturday 
I Sunday 
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Appointment Length 


Set the default appointment length to search. You can set the length in 15-minute increments. The 
default is 15 minutes. This setting is used only when the user does a busy search through the Busy 
Search option on the Tools menu. Otherwise, the default appointment length defined on the Calendar 
tab is used (see “Calendar Options: General” on page 1066). 


Range and Time to Search 


Specify the number of days to include in the search, then set the daily start and end times for the 
search. 


Days to Search 


Select the days to search. By default, the typical work days (Monday through Friday) are selected. 


76.3 Resetting Client Options to Default Settings 


You can reset client options to the defaults for one or more users. This enables you to establish your 
preferred settings, and then lock those settings so that users cannot change them in the future. 

1 In ConsoleOne, select one or more User objects (or GroupWise External Entity objects). 

2 Click Tools > GroupWise Utilities > Mailbox/Library Maintenance. 

3 In the GroupWise Objects list, select Users/Resources. 

4 Inthe Actions list, select Reset Client Options, then click Run. 
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Distributing the GroupWise Windows 
Client 


You can distribute the GroupWise Windows client software in various ways: 
+ Section 77.1, “Using GroupWise AutoUpdate and SetupIP to Distribute the Group Wise 
Windows Client,” on page 1069 
+ Section 77.2, “Using ZENworks Configuration Management to Distribute the GroupWise 
Windows Client,” on page 1085 


For information about client licensing requirements, see Section 12.4, “Auditing Mailbox License 
Usage in the Post Office,” on page 207. 


Using GroupWise AutoUpdate and SetuplP to Distribute the 
GroupWise Windows Client 


The GroupWise Windows client Setup program (setup.exe) includes an AutoUpdate feature that 
helps you keep users’ Windows client software up to date. Each time the GroupWise Windows client 
starts, it checks with the POA for the user’s post office to find out if new Windows client software is 
available in the post office’s software distribution directory. When new software is available and 
AutoUpdate is enabled, the Setup program can prompt the user to install the updated software. 


By default, AutoUpdate checks for a mapped drive to a software distribution directory from which to 
install the client software. This requires that users have rights to directly access the software 
distribution directory. To eliminate the need to give users rights to the software distribution directory, 
you can configure the SetupIP feature to download the client software from a Web server, so that the 
client installation can run locally on users’ workstations. 


After AutoUpdate locates the software, either across a mapped drive or by downloading it from a 
Web server, the installation of the client software by the client Setup program is controlled by the 
setup configuration file (setup. cfg). 

+ Section 77.1.1, “Preparing for AutoUpdate,” on page 1070 

+ Section 77.1.2, “Working with the Setup Configuration File,” on page 1076 

+ Section 77.1.3, “Enabling AutoUpdate in ConsoleOne,” on page 1082 

+ Section 77.1.4, “Understanding the User’s AutoUpdate Experience,” on page 1083 

+ Section 77.1.5, “Using the AutoUpdate Error Log Files,” on page 1084 

+ Section 77.1.6, “Disabling Your AutoUpdate Customizations,” on page 1084 
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77.1.1 Preparing for AutoUpdate 


+ “Preparing Your Software Distribution Directory to Support AutoUpdate” on page 1070 
¢ “Preparing for Windows Client Installation from a Mapped Drive” on page 1071 


¢ “Preparing for Windows Client Installation from a Web Server” on page 1071 


Preparing Your Software Distribution Directory to Support AutoUpdate 


During the installation of GroupWise Administration, you had the opportunity to plan and set up a 
software distribution directory, as described in “GroupWise Software Distribution Directory” in 
“Installing a Basic GroupWise System” in the GroupWise 2012 Installation Guide. 


On Windows, if you selected GroupWise Client for Windows when you initially created your software 
distribution directory, the GroupWise Windows client software was copied from the downloaded 
GroupWise 2012 software image into the client subdirectory of the software distribution directory. 


On Linux, the GroupWise Windows client software is always copied into the software distribution 
directory, because the Linux GroupWise Installation program does not include an option for selecting 
GroupWise Client for Windows. 


The default location of the software distribution directory varies by platform: 


Linux: /opt/novell/groupwise/software 


Windows: c:\grpwise\software 


If the software distribution directory already contains the Windows client software, follow the 
instructions for the type of client installation you want to perform: 
+ “Preparing for Windows Client Installation from a Mapped Drive” on page 1071 


+ “Preparing for Windows Client Installation from a Web Server” on page 1071 
If you have not yet copied the Windows client software to the software distribution directory: 


1 Start the Windows GroupWise Installation program. 


2 Click Install GroupWise System, click Yes to accept the License Agreement, then click Next to 
accept a standard installation. 


3 Select Install Individual Components and deselect GroupWise Agents, so that only GroupWise 
Administration is selected, then click Next. 


4 Deselect Install Administration Files, so that only Copy Files to a Software Distribution Directory is 
selected, then click Next. 


Specify or browse to and select your software distribution directory, then click Next. 
Select GroupWise Client for Windows, then click Next. 


Review your selections, then click Install. 


© M OO A 


When the Windows client software files have been copied to the software distribution directory, 
click Finish. 
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9 If you want to distribute the Windows client software from a mapped network drive, continue 
with Preparing for Windows Client Installation from a Mapped Drive. 


Or 


If you want to distribute the Windows client software from a Web server, so that the Windows 
client users do not need access rights to the software distribution directory, skip to “Preparing 
for Windows Client Installation from a Web Server” on page 1071. 


Preparing for Windows Client Installation from a Mapped Drive 


1 Make sure that Windows client users have a drive mapped to the software distribution directory. 


If the software distribution directory is on Linux and you need assistance with this task, you can 
follow the same basic procedure described in “Installing the GroupWise Windows Client from 
the Linux GroupWise 2012 Software Image” in “Installation” in the GroupWise 2012 Installation 
Guide to set up the connection. 


(Conditional) If the software distribution directory is on Linux, modify the configuration of the 


software distribution directory to make it available from the point of view of users’ Windows 


workstations: 


2a In Windows ConsoleOne, click Tools > GroupWise System Operations > Software Directory 
Management. 


2b Selectthe software distribution directory on the Linux server where the Windows client 


software is located, then click Edit. 


2c Inthe UNC Path field, change the Linux path provided by the Linux GroupWise Installation 
program or Linux ConsoleOne to the UNC path reguired to access the location from the 


point of view of Windows, then click OK. 


IMPORTANT: Do not edit this software distribution directory in Linux ConsoleOne in the 
future. Doing so would change the location back to a Linux path and cause the AutoUpdate 


process to fail. 


2d Click Close to close the Software Distribution Directory Management dialog box. 


3 Make sure that users have Read and Scan rights to the following locations in the software 
distribution directory: 


software distribution directory\client 


software distribution directory\client\win32 
4 Skip to “Customizing the Setup Configuration File” on page 1079. 
Preparing for Windows Client Installation from a Web Server 


When the Windows client software was copied to the software distribution directory, the files 
reguired for installing the Windows client from a Web server were copied to: 


software distribution directory/admin/utility/setupip 
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This applies to software distribution directories on Linux and on Windows. SetupIP can be 
configured to install the Windows client software from the Apache Web server on Linux or from the 
Internet Information Service (IIS) Web server on Windows. 


1 Create a directory in the document root directory of your Web server for the Group Wise client 
software files used by SetupIP, for example: 


Apache on Linux: /srv/www/htdocs/gwclient 


IIS on Windows:  c:\InetPub\wwwroot\gwclient 


2 Create a win32 subdirectory under the client software directory that you created in Step 1. 


After you customize the setup configuration file (setup . cfg), as described in “Customizing the 
Setup Configuration File” on page 1079, you will copy it to the win32 subdirectory. 


3 Browse to the following subdirectory in your software distribution directory: 
software distribution directory/admin/utility/setupip 


4 Copy the setupip.fil file and any language-specific setupip. language code files for 
languages you want to install, from the utility/setupip directory to the client software 
directory that you created in Step 1. 


All language-independent Windows client software files are included in the setupip. fil file. 
The setupip. language code file for each client language (setupip.en, setupip.de, 
setupip. fr, and so on) contains all client software files for the specific language indicated by 
the language code. If you copy multiple setupip. language codefiles to the Web server, users 
are prompted for which languages they want to install. 


5 On Windows, in the utility/setupip directory, run the WritelP program (writeip.exe). 


If the WriteIP program is located on a Linux server, you can use the same procedure for creating 
a connection from Windows to Linux when setting up SetupIP as you use when setting up 
ConsoleOne for use from Windows to Linux. For assistance, see Section 2.3, “ConsoleOne ina 
Multiple-Platform Environment,” on page 48. 


x 
FIP Addresses 
1 [epei SS Cancel | 
7 IE 
SE OY 
| 


I7 Choose IP addresses at random. 


r Download Options 


(“ Download to a temporary directory. 


C Download to a specific directory. 


The WritelP program (writeip.exe) creates a customized SetupIP program (setupip.exe) 
designed to work with the local Web server. 


6 Specify the IP address location for the local setupip. fil file. 


For example, you can specify: 


http://172.16.5.18/gwclient 
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or 


http://intranet . yourcompanyname.com/gwclient 


You can include proxy and port information, for example: 


http: //name.yourcompanyname.com/gwclient ;proxy.place.mycompany:1690 


You can specify as many as five locations where you have made the GroupWise client software 
available on Web servers. During AutoUpdate, each location is checked, in order, until a 
connection is made. 


(Optional) If you specify multiple locations, select Choose IP Address at Random so that the order 
in which the locations are checked is selected randomly when AutoUpdate occurs. 


This balances the load on the Web servers. 
(Optional) Select download options: 


Download to a Temporary Directory: Select this option to download the Windows client 
software into a temporary directory that is automatically deleted after the user installs the 
updated client software. 


Download to a Specific Directory: Select this option to control where and how the Windows 
client software is downloaded. 


¢ Path: Specify the directory where you want SetupIP to download the Windows client 
software. 


+ Delete Install Files after Install Is Complete: Select this option to clean up the user's 
workstation after the Windows client software is installed. 


+ Download Only New and Updated Files: Select this option to shorten download time by 
downloading only new and modified software files. 


+ Allow the User to Change the Download Directory: Select this option to prompt the user 
for the location to download the software files. 


Click OK to create a customized setupip.exe file based on the settings you selected, then click 
OK again to exit the WriteIP program. 


The writeip.ini file is also created, which stores the options you selected when running the 
WriteIP program. 


Copy the custom setupip.exe file from the utility/setupip directory to the 
software distribution directory/client/win32 directory, so that it is in the same 
directory with the Windows client Setup program (setup.exe). 


Configure your Web server to support SetupIP: 
+ “Apache on Linux” on page 1073 
+ “TIS on Windows Server 2008” on page 1074 
+ “IIS on Windows Server 2003” on page 1075 


Apache on Linux 


1 
2 


Open the Apache configuration file (/etc/apache2/httpd.conf) in a text editor. 


Search for the following section: 


<Directory /> 
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3 Afterthe default Directory section, add the following section for the GroupWise client 
software: 


<Directory /srv/www/htdocs/gwclient> 
Options Indexes 
</Directory> 


4 Onthe Directory line, specify the client software directory that you created in Step 1 in 
“Preparing for Windows Client Installation from a Web Server” on page 1071. 


5 Save the file. 
6 Restart Apache: 


rcapache2 restart 


7 Testthe availability of the client software on the Web server by displaying the following URL 
and verifying the contents of the win32 directory: 


http://web server address/gwclient 


Index of /gwclient 


Name Last modified Size Description 


Parent Directory 


s) setupip.en 12-Apr-2012 19:49 4.7M 
a) setupip.fil 12-Apr-2012 19:49 87M 
@ win32/ 12-Apr-2012 19:50 


8 Skip to Working with the Setup Configuration File. 


IIS on Windows Server 2008 
1 On Windows Server 2008, click Start > Administrative Tools > Internet Information Services (IIS) 
Manager. 


2 Expandthe Local Computer object, expand the Sites folder, expand your Web site, then select 
the client software directory that you created in Step 1 in “Preparing for Windows Client 
Installation from a Web Server” on page 1071. 


3 Enable directory browsing so that the gwclient directory can be accessed: 
ga Inthe Features View, double-click Directory Browsing. 
3b Inthe Actions pane, click Enable. 
3c Clickthe client software directory to return to the Features View. 
4 Configure ITS to allow the download of the client software files: 
4a Inthe Features View, double-click MIME Types. 
4b Inthe Actions pane, click Add. 
4c In the File name extension field, type .* (a period followed by an asterisk). 
4d Inthe MIME type field, type application/octet-stream. 
4e Click OK. 
4f Click the client software directory to return to the Features View. 


5 (Conditional) If you have configured file filtering at a higher level in this Web site, configure IIS 
to not filter out files in the client software directory: 


5a In the Features View, double-click Request Filtering. 
5b Click Allow File Name Extension. 
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5c In the File name extension field, type .* (a period followed by an asterisk). 
5d Click OK. 


6 Close ITS Manager. 
7 Restart IIS: 


7a Click Start > Administrative Tools > Services. 
7b Right-click World Wide Web Publishing Service, then click Restart. 


8 Test the availability of the client software on the Web server by displaying the following URL 


9 


and verifying the contents of the win32 directory: 


http://web_server_address/gwclient 


Index of /gwclient 


Name Last modified Size Description 


> Parent Directory 


s) setupip.en 12-Apr-2012 19:49 4,7M 
2) setupip.fil 12-Apr-2012 19:49 87M 
B win32/ 12-Apr-2012 19:50 


Skip to Working with the Setup Configuration File. 


IIS on Windows Server 2003 


1 


ao R OO N 


7 


On Windows Server 2003, click Start > Control Panel > Administrative Tools > Internet Information 
Services (IIS) Manager. 


Expand the Local Computer object, then expand the Web Sites folder. 
Right-click your Web site, then click Properties. 
On the Home Directory tab, select Directory Browsing, then click OK. 
Restart IIS: 
5a Click Start > Administrative Tools > Services. 
5b Right-click World Wide Web Publishing Service, then click Restart. 
Test the availability of the client software on the Web server by displaying the following URL: 


http://web server address/gwclient 


Index of /gwclient 


Name Last modified Size Description 


> Parent Directory 


s) setupip.en 12-Apr-2012 19:49 4.7M 
=j setupip.fil 12-Apr-2012 19:49 87M 
© win32/ 12-Apr-2012 19:50 


Continue with Working with the Setup Configuration File. 
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77.1.2 Working with the Setup Configuration File 


The AutoUpdate process is controlled by the setup configuration file (setup. cfg). 


+ “Understanding the Setup Configuration File” on page 1076 
+ “Customizing the Setup Configuration File” on page 1079 
+ “Adding LDAP Directory Service Accounts to the Setup Configuration File” on page 1081 


Understanding the Setup Configuration File 


A default setup configuration file (setup . cfg) is provided in the following directory: 
software distribution directory\client 


The setup configuration file is an ASCII text file that supports extended ASCII characters. The file 
contains the responses normally provided by the user during the installation of the Windows client 
software. For example, the path for the Windows client software and the folder for the GroupWise 
desktop icon are specified in this file. In addition, information can be added to the setup 
configuration file to add predefined LDAP directory service accounts to the GroupWise Address 
Book in the Windows client during installation. 


When the GroupWise Windows client Setup program (setup. exe) is executed, it looks in the same 
directory for a setup. cfg file. If none is found, the installation proceeds, prompting the user for the 
needed information. If the setup. cfg file is found, the Windows client Setup program proceeds, 
using the information specified in the setup configuration file. Depending on the entries in the setup 
configuration file, the user might or might not be prompted to provide information during the 
installation. 


The setup configuration file is divided into the following sections. In the setup configuration file, 
each section head must be enclosed in brackets [ ] as shown. 

+ “[GroupWiseSetup]” on page 1076 
+ “[ShowSetup]” on page 1077 


+ “[AutoUpdate]” on page 1078 


+ “[GWCheck]” on page 1078 


+ “ 


[ 
[ 
[ 

+ “[Startup]” on page 1078 
[ 
[IntegrationApps]” on page 1079 
[ 


+! 


Languages]” on page 1079 


[GroupWiseSetup] 

Version= This entry must match the version being installed; otherwise, the Setup 
program does not use setup.cfg. The default is 8.0. 

Path= This entry specifies the path where you want the GroupWise Windows 
client to be installed. The default path for GroupWise 2012 is 
c:\Program Files\Novell\Groupwise. 

Earlier versions of GroupWise defaulted to c:\novell\groupwise. 

Folder= This entry creates and installs the GroupWise Windows client shortcuts 


to the specified folder in the user’s Start menu. The default folder is 
Novell GroupWise. 
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LaunchMessenger= This optional entry specifies whether Novell Messenger should be 
launched when GroupWise starts. The default is No. 


LaunchNotify= This optional entry specifies whether GroupWise Notify should be 
launched when GroupWise starts. The default is No. 


GWMailTo= This entry specifies whether the GroupWise Windows client should be 
the default email application in your Web browser. The default is Yes, so 
that the Internet Browser Mail Integration is installed along with the 
GroupWise client. 


IPAddress= This optional entry specifies the IP address for the Windows client to 
always use. Use this setting to set the IP address per post office when 
using multiple post offices. 


IPPort= This optional entry specifies the IP port for the Windows client to always 
use. 
DefaultIPAddress= This optional entry specifies the default IP address for the Windows 


client to use the first time it is started. This should be an IP address that 
everyone on the system has access to. 


DefaultIPPort= This optional entry specifies the default IP port for the Windows client to 
use the first time it is started. 


StopService= Use this entry when you are running integrated third-party software along 
with the GroupWise Windows client, and that software might be locking 
some GroupWise Windows client DLLs. If client DLLs are locked, the 
client software cannot be installed. Specify the service for the client 
Setup program to stop before it installs the client software. Use the name 
as it appears in the list provided by Control Panel > Administrative Tools 
> Services. You can stop only one service before installing the client 
software. 


[ShowSetup] 


ShowDialogs= Specify No to hide dialog boxes during the installation. Specify Yes to 
show the dialog boxes. The default is Yes. 


If an entry is missing from the setup. cfg file and ShowDialogs=Yes, 
the Setup program selects the default setting. If ShowDialogs=No, the 
Setup program prompts the user for a selection. 


NOTE: This option does not suppress the language selection dialog box 
that appears when you install the GroupWise Windows client from the 
multilanguage software image. For more information, see the GroupWise 
2012 Readme (http://www.novell.com/documentation/groupwise2012/ 
gw2012_readme_full/data/gw2012_readme_full.html). 


ShowProgress= Specify Yes to show the progress indicator during the installation. Specify 
No to hide the progress indicator during installation. The default is Yes. 


ShowFinish= Specify Yes to display the Finish dialog box after the installation. Specify 
No to hide this dialog box. The default is Yes. 
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[AutoUpdate] 


When you enable AutoUpdate, you can configure the AutoUpdate process to prompt the user to 
update or to install the software automatically, thus forcing the user to update. 


Enabled= Specify Yes if you want users to be prompted to update their GroupWise 
Windows client software as soon as a newer version is available. Specify 
No if you want to disable the AutoUpdate feature. The ForceUpdate= 
entry is then ignored. This can be useful if you intend to distribute the client 
software by using a different method such as ZENworks Configuration 
Management, or if you want to disable AutoUpdates at the post office level 
during a migration to a newer version of GroupWise. The default is Yes. 


SetupIPEnabled= Specify Yes if you want to use AutoUpdate over an IP connection to a Web 
server instead of a mapped drive to a software distribution directory. The 
default is No. 

ForceUpdate= When this entry is set to Yes, GroupWise automatically updates the users’ 


Windows client software. The default is No. 


Users can still click Cancel to cancel the update; however, they cannot run 
the Windows client software to access their mailboxes until they update 


the software. 

GraceLoginCount= Specify the number of grace logins allowed before you require the users to 
update their Windows client software. If ForceUpdate=No, this entry is 
ignored. 

PromptUntilUpdated= When PromptUntilUpdated=Yes, the user is prompted to update the 


Windows client software each time the client starts. The user can choose 
not to install the new software when prompted and still run the currently 
installed version of the client. The AutoUpdate reminder appears the next 
time the user starts the client. The default is No. 


[Startup] 

Notify= If you specify Yes, the Setup program places Notify in the Windows Startup 
folder to be started automatically when the computer starts. The default is 
No. 

[GWCheck] 


This section installs and enables GroupWise Check (GWCheck). GWCheck is a tool that performs 
maintenance and repair tasks on users’ mailboxes to keep GroupWise operating efficiently. It is 
essentially a standalone version of the Mailbox/Library Maintenance feature available in GroupWise 
Administration in ConsoleOne. GWCheck checks and repairs GroupWise user, message, library, and 
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resource databases without having ConsoleOne and the GroupWise snap-in loaded. In addition to 
checking post office, user, and library databases, it also checks Caching, Remote, and archive 
databases. 


Instal11GWCheck= Specify Yes to install GWCheck files to the workstation. Specify No to not 
install GWCheck. The default is Yes. 


GWCheckEnabled= Specify Yes to install the files to the same directory as the GroupWise 
Windows client, which results in the Repair Mailbox option being enabled 
under the Tools menu in the client. Specify No to install the files in a GWCheck 
subdirectory below the client directory, which disables the Repair Mailbox 
option until the files are manually copied into the GroupWise directory. The 
default is No. 


[IntegrationApps] 
GroupWise installs integration for the following applications, if found, unless the entry is set to No. 


+ Microsoft Excel 

+ Microsoft Word 

+ Microsoft PowerPoint 
+ Corel Presentations 
+ Corel Quattro Pro 

* Corel WordPerfect 

+ OpenOffice Calc 

+ OpenOffice Draw 

+ OpenOffice Writer 

+ OpenOffice Impress 


[Languages] 


The default language is set to English, and all other languages are set to No, meaning they are not 
installed. See the setup. cfg file for a listing of the different languages. 


Customizing the Setup Configuration File 


1 On the server from which you want to distribute the client software, browse to the following 
directory: 


software distribution directory/client 


2 Copy the setup. cfg file to the win32 subdirectory, so that it is in the same directory with the 
setup.exe file that it provides the configuration settings for. 


3 (Conditional) If you are installing from the multilanguage version of GroupWise and you do not 
want users to be prompted for the languages to install, copy the setup. ini file down to the 
win32 subdirectory. 


4 Change to the win32 subdirectory. 


5 Use an ASCII text editor to edit the copied setup. cfg file and add the settings that you want to 
use when AutoUpdate installs the client software on users’ workstations: 


5a Under the [AutoUpdate] heading, specify: 


Enabled=Yes 
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5b If you want the Windows client software to be automatically updated, so that users are 
reguired to update their client software, specify: 


ForceUpdate=Yes 
or 


If you want users to be prompted for whether they want to update their Windows client 
software, specify: 


ForceUpdate=No 


5c (Conditional) If you are forcing users to update, set the number of grace logins you want to 
allow before forcing an AutoUpdate, for example: 


GraceLoginCount=3 


5d (Conditional) If you are using SetupIP to distribute the client software from a Web server, as 
described in “Preparing for Windows Client Installation from a Web Server” on page 1071, 
specify: 


SetupIPEnabled=Yes 


5e (Conditional) If you want to reduce or eliminate interaction between the client Setup 
program and users, specify one or more of the following options: 


ShowDialogs=No 
ShowProgress=No 
ShowFinish=No 


6 Change other setup configuration entries as described in “Understanding the Setup 
Configuration File” on page 1076. 


7 Save the customized setup.cfg file. 


8 (Conditional) If you are installing from the multilanguage version and you do not want users to 
be prompted for the languages to install: 


8a Open the setup. ini file in a text editor. 


8b Inthe [Startup] section, specify: 
EnableLangDlg=N 
8c Savethe customized setup. ini file. 


9 (Conditional) If you are using SetupIP to distribute the client software from a Web server: 


9a Copy the customized setup. cfg file to the client software directory that you created in 
Step 1 in “Preparing for Windows Client Installation from a Web Server” on page 1071. 


9b (Conditional) If you customized the setup. ini file in Step 8, copy it to the client software 
directory on the Web server. 


9c Test the availability of the files in the win32 directory on the Web server by displaying the 
following URL and verifying the contents of the win32 directory: 


http://web server address/gwclient 
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Index of /gwclient 


Name Last modified Size Description 


o Parent Directory 


s) setupip.en 12-Apr-2012 19:49 4.7M 
21 setupip.fil 12-Apr-2012 19:49 87M 
© win32/ 12-Apr-2012 19:50 


When the setupip. fil file and setupip.en file are extracted on users’ workstations prior 
to the client software installation, the files in the win32 directory on the Web server replace 
the standard files. 


10 (Optional) Continue with Adding LDAP Directory Service Accounts to the Setup Configuration 
File. 


or 


Skip to Section 77.1.3, “Enabling AutoUpdate in ConsoleOne,” on page 1082. 


Adding LDAP Directory Service Accounts to the Setup Configuration File 


LDAP directory service accounts provide users with the ability to search directory services such as 
Bigfoot for names and email addresses of people. Each search can check potentially millions of 
names. After locating a name through a directory service search, users can add those names and 
email addresses to their personal address books. 


You can add predefined LDAP directory service accounts to the Address Book by adding information 
to setup.cfg. This information can be added even after the initial installation. After the accounts are 
added, this information does not need to be removed from setup. cfg. During subsequent 
installations, GroupWise adds any new accounts listed but does not update or duplicate existing 
LDAP accounts. 


The user can also choose to add LDAP directory service accounts after the GroupWise Windows 
client is installed, as described in “Using the LDAP Address Book” in “Contacts and Address Books” 
in the GroupWise 2012 Windows Client User Guide. 


To add an LDAP address book during installation, add the following lines to the setup. cfg file, 
providing information that is specific to the LDAP account: 


[LDAP Account 1] 
Description=Ldap Serverl 
Server=ldap.serverl.com 
Port=389 

SearchRoot=c=us 
Login=TRUE 


You can add multiple accounts: 
[LDAP Account 2] 
Description=Ldap Server2 
Server=ldap.server2.com 
Port=389 


SearchRoot=0=widget, c=us 
Login=FALSE 


Parameter Description 


Description= The name that displays in the list of LDAP directory services in the Address Book. 
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Parameter Description 


Server= The LDAP server name or IP address. 
Port= The LDAP directory service's port number. The number is usually 389. 
SearchRoot= The base or root of the LDAP directory service where the user searches for names. For 


example, the base could be a country, organization, or other type of grouping. This is not 
reguired for all LDAP directory services. If a search root is reguired, the LDAP directory 
service provides the information. 


Login= TRUE means users are prompted for a user name and password when they use that LDAP 
directory Service. 


Continue with Enabling AutoUpdate in ConsoleOne. 


77.13 Enabling AutoUpdate in ConsoleOne 


1 Loginto ConsoleOne as an Admin eguivalent. 
2 Connect to a domain. 


3 Click Tools > GroupWise System Operations > Software Directory Management. 


Corporate Linux \bd-oes\optinovell\groupwiselsoftware 
Corporate Windows — \\jbd-win\c\arpwise|software 


4 Selectthe software distribution directory for the post offices where you want to update the 
Windows client software, then click Update. 


T Force auto-update check by GroupWise components 


5 (Conditional) If the Windows client software is being installed from a mapped drive, select 
Update by Copying From, then select Software Distribution Directory or browse to and select another 
location. 


If the Windows client software is being installed from a Web server, the updated software has 
already been made available, as described in “Preparing for Windows Client Installation from a 
Web Server” on page 1071. 
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6 Select Force Auto-Update Check by GroupWise Components, then click OK. 


7 Continue with Section 77.1.4, “Understanding the User’s AutoUpdate Experience,” on 
page 1083. 


Understanding the User's AutoUpdate Experience 


The next time each client user starts the Windows client, the client detects that the software version in 
the software distribution directory has been updated. It launches the Windows client Setup program 
(setup.exe), which runs according to the settings you have provided in the setup. cfg file. 


If you are forcing the user to update (ForceUpdate=Yes in the setup. cfg file), the following message 
appears: 


oman == = 


Your system administrator has updated your GroupWise system. You must install 
the update before running GroupWise. Press OK to install it or Cancel to quit. 


If you are not forcing the user to update (ForceUpdate=No in the setup. cfg file), the following 
message appears: 


There is new GroupWise software available. 


Do you want your software updated now? 


If a mapped drive to the software distribution directory is found, the Windows client software is 
installed from the mapped drive by the client Setup program (setup.exe). 


InstallShield Wizard 
N GroupWise Setup is preparing the InstallShield Wizard, which will 
=) guide you through the program setup process. Please wait. 
Configuring Windows Installer 
| 
Windows Installer 
2 F Preparing to install... 
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If a mapped drive to the software distribution directory is not found and you have enabled SetupIP 
(SetupIPEnabled=Yes in the setup. cfg file), the user sees the software being downloaded from the 
Web server: 


SetuplP 


Please wait while SetuplP copies the GroupWise 
Setup files from 172.16.5.17. 


Ext | III 15% 


The installation then proceeds based on your choices in the [ShowSetup] section of the setup.cfg 
file. 


JË! GroupWise - Welcome x 


Welcome to the InstallShield Wizard for 
GroupWise 


The InstallShield(R) Wizard will upgrade GroupWise on your 
computer. To continue, dick Next. 


WARNING: This program is protected by copyright law and 
international treaties. 


Novell. 


Cea 


If you turned off all dialog boxes, users do not see the Setup program running. 


77.1.5 Using the AutoUpdate Error Log Files 


If no connection to a software distribution directory can be made, the setupip. err file is created in 
c:\windows on the user's workstation. This file explains why none of the connections could be made. 


If an error occurs during the software update and ShowDialogs is set to No in the setup. cfg file, the 
error message is logged in the gwsetup.err file in the user’s c: \windows directory. 


If you add ErrorMessage=error_text as the last entry under the [GroupWiseSetup] section in the 
setup. cfg file, the specified error text is displayed. Otherwise, a generic error message is displayed, 
notifying the user to contact the system administrator. 


77.1.6 Disabling Your AutoUpdate Customizations 


To stop the Windows client Setup program (setup.exe) from using the setup configuration file 
(setup.cfg), delete setup.cfg from the client /win32 directory where setup.exe resides. Without 
a setup. cfg file, the Setup program offers the user all client installation options to choose from. 
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77.2 Using ZENworks Configuration Management to Distribute 
the GroupWise Windows Client 


You can use ZENworks Configuration Management to automatically distribute the GroupWise 
Windows client software to users’ workstations. For instructions, see “Novell ZENworks” in the 


GroupWise 2012 Interoperability Guide. 
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78.1 


78.2 


Supporting the GroupWise Client in 
Multiple Languages 


The GroupWise client software is available in a broad range of languages to meet the needs of users 
in many countries. If your GroupWise system services users who speak more than one language, the 
following tasks help you meet your multilingual users’ needs: 
+ Section 78.1, “Providing the GroupWise Client Software in Multiple Languages,” on page 1087 
+ Section 78.2, “Providing Post Office Support for Multiple Languages,” on page 1087 


Providing the GroupWise Client Software in Multiple 
Languages 


1 Ensure that you have the multilanguage version of GroupWise. 


The name of the downloaded GroupWise software image includes multi when it is the 
multilanguage version 


2 Install the client software in the languages you need in one or more software distribution 
directories, following the instructions in Section 4.9, “Software Directory Management,” on 
page 84. 

3 Distribute the client software to users, as described in Chapter 77, “Distributing the GroupWise 
Windows Client,” on page 1069. 


By installing the GroupWise client software in their language of choice, users can begin using 
GroupWise in that language immediately. However, there are a few language-related details of 
GroupWise functionality that are not taken care of by the client software running on users’ 
workstations. For a fuller multilanguage implementation, continue with Section 78.2, “Providing 
Post Office Support for Multiple Languages,” on page 1087. 


Providing Post Office Support for Multiple Languages 


A few aspects of GroupWise functionality are affected by the language in use by the POA running for 
the post office to which users belong. The POA returns certain text in the language in which it is 
running, not the language in use on users’ workstations. 
¢ The status information (Delivered, Opened, an so on) displayed in the Properties page of items 
¢ The text of return notification mail receipts (if the user has enabled this type of notification) 
¢ The sort order in the Address Book 
In some circumstances, these issues can be resolved by grouping users who speak the same language 


into the same post office and then installing the POA in the same language that the users are using. 
For more information, see Section 11, “Creating a New Post Office,” on page 173. 
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At present, the POA is available in fewer languages than the GroupWise client, so this solution helps 
only those client users who are somewhat familiar with the language in use by the POA. For more 
information, see Chapter 7, “Multilingual GroupWise Systems,” on page 123. 
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79.1 


79.2 


Tools for Analyzing and Correcting 
GroupWise Client Problems 


The following tools can assist you in analyzing and correcting GroupWise client problems. 


+ Section 79.1, “GroupWise Exception Handler for the Windows Client,” on page 1089 
+ Section 79.2, “GroupWise Check,” on page 1089 


GroupWise Exception Handler for the Windows Client 


If the GroupWise Windows client causes an exception (or “crashes”), GroupWise generates a 
GroupWise Exception Report. This report contains information that is useful in analyzing the 
problem that the client is having so that it can be solved. 


The report is saved in \temp\grpwise.rpt. The \temp directory used is the one specified by the TMP 
environment variable, or if not defined by TMP, the one specified by the TEMP environment variable. 
If neither environment variable is defined, GroupWise uses the current the windows directory. 


Each time an exception or crash occurs, a new report is appended to grpwise . rpt. If the file reaches 
100 KB, the oldest reports (at the beginning of the file) are deleted. 


The GroupWise Exception Report contains information such as the date and time the report was 
generated, the exception code, fault address, date of grpwise . exe, computer and user name where 
the exception occurred, hardware and operating system information, process modules, raw stack 
dumps, and call stacks. 


GroupWise Check 


GroupWise Check (GWCheck) is a tool that performs maintenance and repair tasks to keep 
GroupWise operating efficiently. It is essentially a standalone version of the Mailbox/Library 
Maintenance feature available in ConsoleOne. GroupWise Check checks and repairs GroupWise 
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user, message, library, and resource databases without having ConsoleOne and the GroupWise snap- 
in loaded. In addition to checking post office, user, and library databases, it also checks remote and 
archive databases. 


+ Section 79.2.1, “Enabling Group Wise Check in the Windows Client,” on page 1090 


79.2.1 Enabling GroupWise Check in the Windows Client 


GroupWise Check can be installed with the GroupWise Windows client (unless you have specified in 
setup. cfg that it not be installed), and is available by clicking Tools > Repair Mailbox in the client in 
Caching and Remote modes after you complete the following: 


1 Locate the directory named gwcheck. This is a subdirectory of the directory where the client is 
installed (usually c:\Program Files\Novell\GroupWise). 
2 Locate grpwise.exe. It is usually in c:\Program Files\Novell\GroupWise. 


3 Copy all the files in gwcheck to the directory where grpwise. exe is located. 


You can now run GroupWise Check in Caching and Remote mode. The GroupWise Check dialog box 
is titled GroupWise Mailbox Maintenance. You can also use Ctrl+Shift when accessing a Caching or 
Remote mailbox to run GroupWise Check before opening the mailbox. 


For detailed information about GroupWise Check, click Help or see Section 34.1, “GroupWise 
Check,” on page 447. 
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Startup Options for the GroupWise 
Windows Client 


The GroupWise Windows client has optional startup options that you can use when you start the 
program. Some of these startup options are for your convenience, while others are necessary to run 
GroupWise on your particular hardware. 


Windows Client Startup Options 
1@u-? 

/@u-user_ID 

Ibl 

Ic 

/cm 

liabs 

lipa-IP address or hostname 
lipp-port number 

/l-xx 

/la-network_ID 

/nu 

/ph-path_name 
/pc-path_to_caching_mailbox 


/pr-path_to_remote_mailbox 


80.1 /@u-? 


Displays a login dialog box whenever you open the GroupWise client, allowing you to supply any 
necessary login information. 


Syntax: /@u-? 


Example: grpwise.exe /@u-? 
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80.2 


80.3 


80.4 


80.5 


80.6 


80.7 


IQu-user_ID 


Lets you use your GroupWise user ID to use the GroupWise client as yourself on another user's 
computer. The other user remains logged on to the network. 


Syntax: /Ou-user. ID 


Example: grpwise.exe /@u-ltanaka 


Ibl 


Prevents the GroupWise client logo screen from being displayed when you start the GroupWise 
client. 


Syntax: /bl 


Example: grpwise.exe /bl 


Ic 


Checks for unopened items. If there are unopened items, the GroupWise client opens as usual. 
Otherwise, the GroupWise client does not start. 


Syntax: /c 


Example: grpwise.exe /c 


Icm 


Checks for unopened items. If there are unopened items, the GroupWise client opens minimized and 
a beep sounds. Otherwise, the GroupWise client does not start. 


Syntax: /cm 


Example: grpwise.exe /cm 


liabs 


Initializes the Address Book when the GroupWise client starts. 
Syntax: /iabs 


Example: grpwise.exe /iabs 


lipa-IP address or hostname 


Lets you specify the IP address or the hostname when you are running in client/server mode. 
Syntax: /ipa-IP. address 


Example: grpwise.exe /ipa=127.65.45.1 
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80.8 


80.9 


80.10 


80.11 


80.12 


80.13 


lipp-port number 


Lets you specify the IP port number when you are running in client/server mode. 
Syntax: /ipp-port. number 


Example: grpwise.exe /ipp-1677 


Il-xx 


Applies only if you have two or more language versions or language modules. This option instructs 
GroupWise to override the default environment language (under Environment in Options) with the 
language specified by the language code xx. This table lists the language codes used by all Novell 
products. GroupWise might not yet be available in some of the listed languages. For current 
information, contact your local reseller. 


For a list of language codes, see Section 7.1, “GroupWise User Languages,” on page 123. 
Syntax: /l-xx 


Example: grpwise.exe /1-ES 


Ila-network ID 


Lets you use your network ID to use the GroupWise client as yourself on another user's computer. 
The other user remains logged on to the network. 


Syntax: /la-network ID 


Example: grpwise.exe /la-jgrey 


Inu 


Turns off AutoRefresh. If this option is selected, click View > Refresh whenever you want to update the 
display to see the items currently in your mailbox. 


Syntax: /nu 


Example: grpwise.exe /nu 


Iph-path_ name 
Lets you specify the path to the post office. 
Syntax: /ph-path, name 


Example: grpwise.exe /ph-j:\mail\denverl 


Ipc-path_ to caching mailbox 


Opens GroupWise in Caching mode. GroupWise must be restarted when you change from Online to 
Caching. 
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Syntax: /pc-path to caching mailbox 


Example: grpwise.exe /pc-c:\novell\groupwise\cache 


80.14 Jpr-path to remote mailbox 


Opens the GroupWise client in Remote mode. This startup option can be used in the Target text box 
only. 


Syntax: /pr-path to remote mailbox 


Example: grpwise.exe /pr-c:\novell\groupwise\remote 
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Security Administration 


+ Chapter 81, “Native GroupWise Security,” on page 1097 
+ Chapter 82, “GroupWise Passwords,” on page 1099 

+ Chapter 83, “Encryption and Certificates,” on page 1105 
+ Chapter 84, “LDAP Directories,” on page 1119 

+ Chapter 85, “Message Security,” on page 1123 

+ Chapter 86, “Address Book Security,” on page 1125 

+ Chapter 87, “GroupWise Administrator Rights,” on page 1127 
+ Chapter 88, “GroupWise Agent Rights,” on page 1139 

+ Chapter 89, “GroupWise User Rights,” on page 1141 

+ Chapter 90, “Spam Protection,” on page 1145 

+ Chapter 91, “Virus Protection,” on page 1147 


See also Part XVIII, “Security Policies,” on page 1149. 


For additional assistance in managing your GroupWise system, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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Native GroupWise Security 


By default, GroupWise native encryption is employed throughout your GroupWise system. This 
means that all files related to GroupWise items are automatically encrypted when they are stored on 
disk. In addition, all connections between the GroupWise client and GroupWise agents use a 
proprietary, encrypted protocol. 


By default, the GroupWise client runs in Online mode, so that all files related to mailboxes are stored 
on the Group Wise server where the POA for the post office runs. As an administrator, you can chose 
whether to allow users to set up their mailboxes to use Caching mode or Remote mode, where 
mailboxes are located on users’ workstations. 


If you decide to allow users to use Caching mode or Remote mode, the mailbox files on users’ 
workstations are all protected by GroupWise native encryption. 


The following sections help you configure your GroupWise system for even tighter security: 
+ Section 82.1, “Mailbox Passwords,” on page 1099 


+ Section 82.2, “Agent Passwords,” on page 1103 


+ Section 83.1, “Personal Digital Certificates, Digital Signatures, and S/MIME Encryption,” on 
page 1105 


+ Section 83.2, “Server Certificates and SSL Encryption,” on page 1107 
+ Section 83.3, “Trusted Root Certificates and LDAP Authentication,” on page 1115 


See also Part XVIII, “Security Policies,” on page 1149. 
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GroupWise Passwords 


Access to GroupWise mailboxes is protected by post office security settings or GroupWise 
passwords. Agent passwords grant access to remote servers and to Novell eDirectory, and protect 
access to GroupWise agent status information. 

+ Section 82.1, “Mailbox Passwords,” on page 1099 

+ Section 82.2, “Agent Passwords,” on page 1103 


See also Part XVIII, “Security Policies,” on page 1149. 


82.1 Mailbox Passwords 


When you are setting up a new GroupWise system, you need to determine what kind of password 
protection you want to have on users’ GroupWise mailboxes before users start running GroupWise. 
In ConsoleOne, you can choose where password information is obtained when users log in to 
GroupWise and you can set defaults under Client Options to enforce your choices. You and 
GroupWise client users should keep in mind that GroupWise passwords are case sensitive. 


+ Section 82.1.1, “Using Post Office Security Instead of GroupWise Passwords,” on page 1099 
+ Section 82.1.2, “Requiring GroupWise Passwords,” on page 1100 

+ Section 82.1.3, “Managing GroupWise Passwords,” on page 1100 

+ Section 82.1.4, “Using LDAP Passwords Instead of GroupWise Passwords,” on page 1102 


+ Section 82.1.5, “Bypassing Mailbox Passwords to Respond to Corporate Mandates,” on 
page 1103 


82.1.1 Using Post Office Security Instead of GroupWise Passwords 


When you create a new post office, you must select a security level for it. 


If you select Low Security for the post office, users are not required to set passwords on their 
GroupWise mailboxes. However, passwordless mailboxes are completely unprotected from other 
users who know how to use the @u-user_ID startup switch. 


If you select High Security for the post office, users are still not required to set passwords on their 
GroupWise mailboxes, but they are required to be successfully logged in to a network before they can 
access their own passwordless mailboxes. Users cannot access other users’ passwordless mailboxes. 


After you select High Security, you can further enhance post office security by requiring specific types 
of authentication before users can access their passwordless GroupWise mailboxes. You can require 
eDirectory authentication so that users must be logged in to eDirectory before they can access their 
passwordless GroupWise mailboxes. 
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In spite of these passwordless solutions to Group Wise mailbox security, users are always free to set 
their own GroupWise passwords on their mailboxes. When they do, the post office security settings 
no longer apply (except for LDAP authentication as discussed below) and users are regularly faced 
with both logins unless some additional password options are selected for them, as described in the 
following sections. 


82.12 Requiring GroupWise Passwords 


Users are required to set passwords on their GroupWise mailboxes if they want to access their 
GroupWise mailboxes in any of the following ways: 

+ Using Caching mode or Remote mode in the GroupWise Windows client 

+ Using their Web browsers and GroupWise WebAccess 

¢ Using an IMAP email client 


+ Accessing a GroupWise mailbox as an external entity rather than as an eDirectory user 


82.13 Managing GroupWise Passwords 


When GroupWise passwords are used in addition to network passwords, there are a variety of things 
you can do to make GroupWise password management easier for you and to make the additional 
GroupWise password essentially transparent for your GroupWise users. 

+ “Establishing a Default GroupWise Password for New Accounts” on page 1100 

+ “Accepting eDirectory Authentication Instead of GroupWise Passwords” on page 1101 

+ “Using Novell SecureLogin to Handle GroupWise Passwords” on page 1101 

+ “Allowing Windows to Cache GroupWise Passwords” on page 1101 

+ “Using Intruder Detection” on page 1101 

+ “Resetting GroupWise Passwords” on page 1102 

+ “Synchronizing GroupWise Passwords and LDAP Passwords” on page 1102 

+ “Helping Users Who Forget Their Passwords” on page 1102 


NOTE: A GroupWise password can contain as many as 64 characters and can contain any typeable 
characters. 


Establishing a Default GroupWise Password for New Accounts 


If you want to require users to have GroupWise passwords on their mailboxes, you can establish the 
initial passwords when you create the GroupWise accounts. In ConsoleOne, you can establish a 
default mailbox password to use automatically on all new GroupWise accounts, as described in 
Section 13.1, “Establishing a Default Password for All New GroupWise Accounts,” on page 219. Or 
you can set the password on each new GroupWise account as you create it. 


Keep in mind that some situations require users to have passwords on their GroupWise mailboxes, as 
listed in Section 82.1.2, “Requiring GroupWise Passwords,” on page 1100. 
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Accepting eDirectory Authentication Instead of GroupWise Passwords 


When you create users in eDirectory, you typically assign them network passwords, which users 
must provide when they log in to the network. If you want to make it easy for client users to access 
their GroupWise mailboxes, you can select Allow eDirectory Authentication Instead of Password 
(ConsoleOne > Tools > GroupWise Utilities > Client Options > Security > Password). This allows 
GroupWise users to select No Password Required with eDirectory (Windows client > Tools > Options > 
Security > Password). 


NOTE: This option is not available in GroupWise WebAccess. 


As long as users who select this option are logged into eDirectory as part of their network login, they 
are not prompted by GroupWise for a password when they access their GroupWise mailboxes. If 
they are not logged in to eDirectory, they must provide their GroupWise passwords in order to access 
their GroupWise mailboxes. 


Using Novell SecureLogin to Handle GroupWise Passwords 


If users have Novell SecureLogin installed on their workstations, you can select Enable single sign-on 
(ConsoleOne > Tools > GroupWise Utilities > Client Options > Security > Password). This allows 
GroupWise users to select Use Single Sign-On (Windows client > Tools > Options > Security > Password). 
Users need to provide their GroupWise mailbox password only once and thereafter SecureLogin 
provides it for them as long as they are logged in to eDirectory. 


NOTE: This option is not available in GroupWise WebAccess. 


Allowing Windows to Cache GroupWise Passwords 


If you want to allow password information to be stored on Windows workstations, you can select 
Allow password caching (ConsoleOne > Tools > GroupWise Utilities > Client Options > Security > 
Password). This allows GroupWise users to select Remember My Password (Windows client > Tools > 
Options > Security > Password). Users need to provide their GroupWise mailbox passwords only once 
and thereafter Windows provides them automatically. 


This option applies only to older GroupWise clients running on older Windows versions, such as 
Windows 2000 and earlier, which are not supported for the GroupWise 2012 Windows client. 


NOTE: This option is not available in GroupWise WebAccess. 


Using Intruder Detection 


Intruder detection identifies system break-in attempts in the form of repeated unsuccessful logins. If 
someone cannot provide a valid user name and password combination within a reasonable time, 
then that person probably does not belong in your GroupWise system. 


Intruder detection for the GroupWise Windows client is performed by the POA and is configurable. 

You can set the number of failed login attempts before lockout, the length of the lockout, and so on. If 
a user is locked out, you can re-enable his or her account in ConsoleOne. See Section 36.3.5, “Enabling 
Intruder Detection,” on page 516. 


Intruder detection for the GroupWise WebAccess is built in and is not configurable. After five failed 
login attempts, the user is locked out for 10 minutes. If a user is locked out, the user must wait for the 
lockout period to end. 
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Resetting GroupWise Passwords 


In ConsoleOne, you can remove a user's password from his or her mailbox if the password has been 
forgotten and needs to be reset (User object > Tools > GroupWise Utilities > Client Options > Security > 
Password). If necessary, you can remove the passwords from all mailboxes in a post office (Post Office 
object > Tools > GroupWise Utilities > Mailbox/Library Maintenance > Reset Client Options) This resets all 
or users’ client options settings, not just the passwords. 


It is easy for GroupWise users to reset their own passwords (Windows client > Tools > Options > 
Security > Password). However, if this method is used when users are in Caching or Remote mode, this 
changes the password on the local Caching or Remote mailboxes, but does not change the password 
on the Online mailboxes. To change the Online mailbox password while in Caching or Remote mode, 
users must use a method they might not be familiar with (Windows client > Accounts > Account 
Options > Novell GroupWise Account > Properties > Advanced > Online Mailbox Password). 


It is also easy for Group Wise WebAccess users to reset their own passwords (WebAccess > Options > 
Password). However, you might not want users to be able to reset their Group Wise passwords from 
Web browsers. See Section 62.2.3, “Preventing Users from Changing Their GroupWise Passwords in 
WebAccess,” on page 908. Windows client users cannot be prevented from changing their 
GroupWise passwords. 


Synchronizing GroupWise Passwords and LDAP Passwords 


There is no automatic procedure for synchronizing GroupWise passwords and eDirectory 
passwords. However, if you use LDAP authentication, synchronization becomes a moot point 
because GroupWise users are authenticated through an LDAP directory (such as eDirectory) rather 
than by using GroupWise passwords. See Section 82.1.4, “Using LDAP Passwords Instead of 
GroupWise Passwords,” on page 1102. 


Helping Users Who Forget Their Passwords 


The WebAccess Login page includes a Can't log in link, which provides the following information to 
WebAccess users by default: 


If you have forgotten your GroupWise password, contact your local GroupWise 
administrator. 


For your convenience and for the convenience of your WebAccess users, you can customize the 
information that is provided by the Can't log in link. For set instructions, see “Helping Users Who 
Forget Their Group Wise Passwords” in “WebAccess” in the GroupWise 2012 Administration Guide. 


82.1.4 Using LDAP Passwords Instead of GroupWise Passwords 


Instead of using GroupWise passwords, users” password information can be validated using an 
LDAP directory. In order for users to use their LDAP passwords to access their GroupWise 
mailboxes, you must define one or more LDAP servers in your GroupWise system and configure the 
POA for each post office to perform LDAP authentication, as described in Section 36.3.4, “Providing 
LDAP Authentication for GroupWise Users,” on page 510. 


When LDAP authentication is enabled, you can control whether users can use the GroupWise client 
to change their LDAP passwords (ConsoleOne > Post Office object > Properties > GroupWise > Security). 
If you allow them to, GroupWise users can change their passwords through the Security Options 
dialog box (Windows client > Tools > Options > Security) or on the Passwords page (Group Wise 
WebAccess > Options > Password). If you do not allow them to change their LDAP passwords in the 
GroupWise client, users must use a different application in order to change their LDAP passwords. 
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82.1.5 


82.2 


82.2.1 


82.2.2 


You and users can use some of the same methods to bypass LDAP passwords as you can use for 
bypassing GroupWise passwords. See “Accepting eDirectory Authentication Instead of GroupWise 
Passwords” on page 1101 and “Allowing Windows to Cache GroupWise Passwords” on page 1101. 


For more information about LDAP passwords, see Section 84.3, “Authenticating to GroupWise with 
Passwords Stored in an LDAP Directory,” on page 1120. 


Bypassing Mailbox Passwords to Respond to Corporate Mandates 


Sometimes it is necessary to access user mailboxes to meet corporate mandates such as virus 
scanning, content filtering, or email auditing that might be required during litigation. These types of 
mailbox access are obtain using trusted applications, which are third-party programs that can log 
into Post Office Agents (POAs) in order to access GroupWise mailboxes. For more information about 
a using trusted application to bypass mailbox passwords, see Section 4.12, “Trusted Applications,” 
on page 90 


Agent Passwords 


Agent passwords facilitate access to remote servers where domains, post office, and document 
storage areas are located and access to eDirectory for synchronization of user information between 
GroupWise and eDirectory. They also protect GroupWise Monitor and the agent Web consoles from 
unauthorized access. 


+ Section 82.2.1, “Facilitating Access to Remote Servers,” on page 1103 

+ Section 82.2.2, “Facilitating Access to eDirectory,” on page 1103 

+ Section 82.2.3, “Protecting the Agent Web Consoles,” on page 1104 

+ Section 82.2.4, “Protecting the GroupWise Monitor Web Console,” on page 1104 


Facilitating Access to Remote Servers 


The Windows POA needs user name and password information in order to access a document 
storage area on a server other than the one where the post office database and directory structure are 
located. There are two ways to provide this information: 


¢ Fillin the Remote User Name and Remote Password fields on the Post Office Settings page of the 
Post Office object in ConsoleOne 


+ Add the /user and /password startup switches to the POA startup file to provide a user name 
and password 


Providing passwords in clear text in a startup file might seem like a security risk. However, the 
servers where the agents run should be kept physically secure. If an unauthorized person did gain 
physical access, they would not be doing so for the purpose of obtaining these particular passwords. 
The passwords are encrypted as they pass over the wire between servers, so the security risk is 
minimal. 


Facilitating Access to eDirectory 


If you have enabled eDirectory user synchronization, the MTA must be able to log in to eDirectory in 
order to obtain the updated user information. An eDirectory-enabled MTA should be installed on a 
server where a local eDirectory replica is located. For more information, see Section 42.4.1, “Using 
eDirectory User Synchronization,” on page 652. 
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82.2.3 Protecting the Agent Web Consoles 


When you install the POA, the MTA, and the GWIA, they are automatically configured with an agent 
Web console and no password protection is provided. When you install the GWIA, you can choose 
whether to enable the agent Web console during installation. If you do, you can provide password 
protection at that time. For WebAccess, you must manually enable its Web console, so you can 
provide password protection when you enable it. 


If you do not want agent Web console status information available to anyone who knows the agent 
network address and port number, you should set passwords on your agent Web console, as 
described in the following sections: 

+ Section 37.2, “Using the POA Web Console,” on page 539 

+ Section 43.2, “Using the MTA Web Console,” on page 669 

+ Section 49.2, “Using the DVA Web Console,” on page 725 

+ Section 56.2, “Using the GWIA Web Console,” on page 827 

+ Section 63.1, “Using the WebAccess Application Web Console,” on page 917 
If you plan to access the GroupWise Monitor Web consoles, it is most convenient if you use the same 
password on all agent Web consoles. That way, you can provide the agent Web console password 
once in GroupWise Monitor, rather than having to provide various passwords as you view the Web 


consoles for various agents. For information about providing the agent Web console password in 
GroupWise Monitor, see Section 69.4, “Configuring Polling of Monitored Agents,” on page 956. 


82.2.4 Protecting the GroupWise Monitor Web Console 


Along with the agent Web consoles, you can also provide password protection for the Monitor Web 
console itself, from which all the agent Web consoles can be accessed. For instructions, see 

Section 69.8, “Configuring Authentication and Intruder Lockout for the Monitor Web Console,” on 
page 964. 
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83.1 


Encryption and Certificates 


GroupWise native encryption is employed throughout your GroupWise system. For background 
information, see Chapter 81, “Native GroupWise Security,” on page 1097. Additional security 
measures should also be utilized to secure your GroupWise data. 


+ Section 83.1, “Personal Digital Certificates, Digital Signatures, and S/MIME Encryption,” on 
page 1105 

+ Section 83.2, “Server Certificates and SSL Encryption,” on page 1107 

+ Section 83.3, “Trusted Root Certificates and LDAP Authentication,” on page 1115 


See also Part XVIII, “Security Policies,” on page 1149. 


Personal Digital Certificates, Digital Signatures, and S/ 
MIME Encryption 


If desired, you can implement S/MIME encryption for GroupWise client users by installing various 
security providers on users’ workstations, including: 


¢ Entrust 4.0 or later (http://www.entrust.com) 
* Microsoft Base Cryptographic Provider 1.0 or later (included with Internet Explorer 4.0 or later) 


+ Microsoft Enhanced Cryptographic Provider 1.0 or later (http://www.microsoft.com/windows/ 
ie/downloads/recommended/128bit/default.asp) 


* Microsoft Strong Cryptographic Provider (http://www.siliconprairiesc.com/spsckb/EncryptAll/ 
strong_cryptographic_provider.htm) 


+ Gemplus GemSAFE Card CSP 1.0 or later (http://www.gemplus.com) 
+ Schlumberger Cryptographic Provider (http://www.slb.com) 


For additional providers, consult the Novell Partner Product Guide (http://www.novell.com/ 
partnerguide). 


These products enable users to digitally sign and encrypt their messages using S/MIME encryption. 
When a sender digitally signs a message, the recipient is able to verify that the item was not modified 
en route and that it originated from the sender specified. When a sender encrypts a message, the 
sender ensures that the intended recipient is the only one who can read it. Digitally signed and 
encrypted messages are protected as they travel across the Internet, but native GroupWise encryption 
is removed as messages leave your GroupWise system. 


After users have installed an S/MIME security provider on their workstations, you can configure 
default functionality for it in ConsoleOne (Domain, Post Office, or User object > Tools > GroupWise 
Utilities > Client Options > Send > Security > Secure Item Options). You can specify a URL from which 
you want users to obtain their S/MIME certificates. You can require the use of digital signatures and 
encryption, rather than letting users decide when to use them. You can even select the encryption 
algorithm and encryption key size if necessary. For more information, see Section 76.2.2, “Modifying 
Send Options,” on page 1050. 
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After you have configured S/MIME functionality in ConsoleOne, GroupWise users must select the 
security provider (Windows client > Tools > Options > Security > Send Options) and then obtain a 
personal digital certificate. Unless you installed Entrust, users can reguest certificates (Windows 
client > Tools > Options > Certificates > Get Certificate). If you provided a URL, users are taken to the 
certificate authority of your choice. Otherwise, certificates for use with GroupWise can be obtained 
from various certificate providers, including: 


+ Novell, Inc. (if you have installed Novell Certificate Server 2 or later (http://www.novell.com/ 
products/certserver)) 

+ VeriSign, Inc. (http://www.verisign.com) 

+ Thawte Certification (http://www.thawte.com) 

+ GlobalSign (http://www.globalsign.com) 


NOTE: Some certificate providers charge a fee for certificates and some do not. 


After users have selected the appropriate security provider and obtained a personal digital 
certificate, they can protect their messages with S/MIME encryption by digitally signing them 
(Windows client > Actions > Sign Digitally) and encrypting them (Windows client > Actions > Encrypt). 
Buttons are added to the GroupWise toolbar for convenient use on individual messages, or users can 
configure GroupWise to always use digital signatures and encryption (Windows client > Tools > 
Options > Security > Send Options). The messages they send with digital signatures and encryption can 
be read by recipients using any other S/MIME-enabled email product. 


GroupWise Windows client users are responsible for managing their personal digital certificates. 
Users can have multiple personal digital certificates. In the GroupWise client, users can view their 
own certificates, view the certificates they have received from their contacts, access recipient 
certificates from LDAP directories (see Section 84.4, “Accessing S/MIME Certificates in an LDAP 
Directory,” on page 1121 for details), change the trust level on certificates, import and export 
certificates, and so on. 


The certificates are stored in the local certificate store on the user’s workstation. They are not stored 
in GroupWise. Therefore, if a user moves to a different workstation, he or she must import the 
personal digital certificate into the certificate store on the new workstation, even though the same 
GroupWise account is being accessed. 


If your system includes smart card readers on users’ workstations, certificates can also be retrieved 
from this source, so that after composing a message, users can sign them by inserting their smart 
cards into the card readers. The GroupWise client picks up the digital signature and adds it to the 
message. 


The GroupWise Windows client verifies the user certificate to ensure that it has not been revoked. It 
also verifies the certificate authority. If a certificate has expired, the GroupWise user receives a 
warning message. 


For complete details about using S/MIME encryption in the GroupWise Windows client, see 
“Sending S/MIME Secure Messages” in “Email” in the GroupWise 2012 Windows Client User Guide. 


NOTE: S/MIME encryption is not available in GroupWise WebAccess. 


Any messages that are not digitally signed or encrypted are still protected by native GroupWise 
encryption as long as they are within your GroupWise system. 
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83.2 


83.2.1 


Server Certificates and SSL Encryption 


You should strengthen native GroupWise encryption with Secure Sockets Layer (SSL) 
communication between servers where GroupWise agents are installed. You can choose to purchase a 
server certificate from a commercial certificate authority (CA) or you can generate a self-signed 
certificate. 


The advantage of using a self-signed certificate is that you can proceed to set up SSL immediately, 
without waiting to the certificate from a certificate authority. However, the first time the GroupWise 
client encounters the self-signed certificate, it prompts the user to accept the certificate. The 
advantage of a commercially generated certificate is that the GroupWise client accepts it 
automatically. You might choose to use a self-signed certificate initially, while you are waiting to 
obtain a commercially generated certificate. 


If you have not already set up SSL on your system, complete the following tasks: 


+ Section 83.2.1, “Purchasing a Commercially Generated Certificate,” on page 1107 
+ Section 83.2.2, “Generating a Self-Signed Certificate,” on page 1111 

+ Section 83.2.3, “Installing the Certificate on the Server,” on page 1114 

+ Section 83.2.4, “Configuring the Agents to Use SSL,” on page 1115 


If you have already set up SSL on your system and are using it with other applications in addition to 
GroupWise, skip to Section 83.2.4, “Configuring the Agents to Use SSL,” on page 1115. 


Purchasing a Commercially Generated Certificate 


In order to purchase a commercially generated certificate, you must create a certificate signing 
request (CSR). 

+ “Generating a Certificate Signing Request” on page 1107 

+ “Submitting the Certificate Signing Request to a Certificate Authority” on page 1111 


Generating a Certificate Signing Request 


The certificate signing request (CSR) includes the hostname of the server where the agents run. 
Therefore, you must create a CSR for every server where you want the GroupWise agents to use SSL. 
However, all GroupWise agents running on the same server can all use the same certificate, so you do 
not need separate CSRs for different agents. The CSR also includes your choice of name and 
password for the private key file that must be used with each certificate. This information is needed 
when configuring the agents to use SSL. 

+ “Using the GroupWise Generate CSR Utility (GWCSRGEN)” on page 1107 

> “Linux: Using OpenSSL” on page 1109 

+ “Windows Server 2008: Using IIS Manager” on page 1110 


+ “Windows Server 2003: Using Internet Information Services” on page 1111 


Using the GroupWise Generate CSR Utility (GWCSRGEN) 


One way to create a CSR is to use the GroupWise Generate CSR utility (GWCSRGEN). This utility 
takes the information you provide and creates a .csr file from which a public certificate file can be 
generated. 
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IMPORTANT: Starting in Group Wise 2012 SP1, GWCSRGEN is no longer a recommended method 
for creating CSRs. You can still use it for convenience, but for optimum security, use a standard CSR 
generation method native to your operating system. 


1 Startthe GroupWise Generate CSR utility. 
Linux: The utility (gwcsrgen) is installed to the /opt /novell/groupwise/agents/bin 
directory. You must be logged in as root to start the utility. 


Windows: The utility (gwcsrgen.exe) is located in the \admin\utility\gwcsrgen directory either 
in downloaded GroupWise 2012 software image or in the GroupWise software distribution 


directory. 

=: Certificate Signing Request B! [x] 
Private Key Certificate Signing Request 
Kap laar (| CSR filename OoOo ooo o Create 
Key Length hos xl Cancel 
Key password a Help 
Verify password e i 
Required Information 
Country = Organization | a] 
State/Province EA Division a 
City [SSRI Hostname of Server fC | 


2 Fillin the fields in the Private Key box. The private key information is used to create both the 
Private Key file and the certificate signing request file. 


Key Filename: Specify a name for the Private Key file (for example, server1 . key). If you do not 
want the file stored in the same directory as the GWCSRGEN utility, specify a full path with the 
file name (for example, c:\certs\server1.key or /opt/novell/groupwise/certs/ 
server1.key). The directory where you want to create the .key file must already exist. 


Linux: Use only lowercase characters. 


Windows: No limitations 


Key Length: The key length can be 1024, 2048, or 4096. The default is 1024. 


Key Password: Specify the password for the private key. The password can be up to 256 
characters (single-byte environments). 


Verify Password: Specify the password again. 
3 Fillin the fields in the Certificate Signing Request box. 


CSR Filename: Specify a name for the certificate signing request file (for example, 
server1.csr). If you don't want the file created in the same directory as the GWCSRGEN 
utility, specify a full path with the file name (for example, c:\certs\serverl.csr or /opt/ 
novell/groupwise/certs/server1.csr). The directory where you want to create the .csr file 
must already exist. 


Linux: Use only lowercase characters. 


Windows: No limitations 
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4 Fillinthe fields in the Reguired Information box. This information is used to create the certificate 
signing reguest file. You must fill in all fields to generate a valid CSR file. 


Country: Specify the two-letter abbreviation for your country (for example, US). 


State/Province: Specify the name of your state or province (for example, Utah). Use the full 
name. Do not abbreviate it. 


City: Specify the name of your city (for example, Provo). 
Organization: Specify the name of your organization (for example, Novell, Inc.). 


Division: Specify your organization's division that this certificate is being issued to (for 
example, Novell Product Development). 


Hostname of Server: Specify the DNS hostname of the server where the server certificate will be 
used (for example, dev.provo.novell.com). 


5 Click Create to generate the CSR file and Private Key file. 


The CSR and Private Key files are created with the names and in the locations you specified in 
the Key Filename and CSR Filename fields. 


6 Skip to “Submitting the Certificate Signing Reguest to a Certificate Authority” on page 1111. 


For convenience, if you need to generate multiple certificates, you can record the information for the 
fields listed in “Using the GroupWise Generate CSR Utility (GWCSRGEN)” on page 1107 ina 
configuration file so that the information is automatically provided whenever you run the 
GroupWise Generate CSR utility. The configuration file must have the following format: 


[Private Key] 
Location = 
Extension = key 


[CSR] 
Location = 
Extension = csr 


[Required Information] 
Country = 

State = 

City = 

Organization = 
Division = 
Hostname 


If you do not want to provide a default for a certain field, insert a comment character (#) at the 
beginning of that line. Name the file gwcsrgen.cnf. Save the file in the same directory where the 
utility is installed: 

Linux: /opt/novell/groupwise/agents/bin 


Windows: \grpwise\software\admin\utility\gwesrgen 


Linux: Using OpenSSL 


For background information, see HOWTO Certificates (http://www.openssl.org/docs/HOWTO/ 
certificates.txt). 


1 Open a terminal window, become root, and change to a convenient directory where you want to 
create the CSR. 


2 Enter the following command to create a private key file: 


openssl genrsa -out -key key file name.key 2048 
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Replace key file name.key with a convenient name for the private key file, such as gw.key. 
3 Create the CSR: 


ga Enter the following command: 


openssl reg -new -key key file name.key -out csr file name.csr 
Replace key file name.key with the key file that you created in Step 2. 


3b Enterthe two-letter code for your country, such as US for the United States, DE for Germany, 
and so on. 


3c Enter your state or province. 

3d Enter your city. 

3e Enterthe name of your company or organization. 
3f Enter your department or other organizational unit. 


3g Enterthe fully gualified domain name of the server for which you are obtaining a 
certificate, such as gw3.novell.com. 


3h Enterthe email address of a contact person for that server. 
gi 


3j (Optional) Enter a secondary name for your company or organization. 


(Optional) Enter a password for the CSR. 


4 Skip to “Submitting the Certificate Signing Reguest to a Certificate Authority” on page 1111. 


Windows Server 2008: Using IIS Manager 
1 Open IIS Manager. 


2 Inthe Connections pane, click the server to display the server Home view. 
3 Inthe Features View, double-click Server Certificate. 
4 Inthe Actions pane, click Create Certificate Request. 


2x 
Distinguished Name Properties 


gl 


Spedfy the required information for the certificate. State/province and City/locality must be specified 
as official names and they cannot contain abbreviations. 


Common name: fo 


Organization: [CT 
Organizational unit: [EEE 

City locality EEEL 

State/province: EEE 

Country/region: US v 


5 Inthe Common Name field, specify the fully qualified domain name of the server for which you 
are obtaining a certificate, such as gw3 .novell.com. 


6 Fillinthe rest of the fields with the reguested information, then click Next. 
7 The default cryptographic service provider and bit length are acceptable, so click Next. 
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8 Specify a name for the CSR file, such as gw.csr, then click Finish. 


If you do not specify a full path name, the CSR file is created in the c: \Windows\System32 
directory. 


9 Skip to “Submitting the Certificate Signing Request to a Certificate Authority” on page 1111. 


Windows Server 2003: Using Internet Information Services 


In the Control Panel, click Administrative Tools > Internet Information Services. 
Right-click a Web site, then click Properties. 

On the Directory Security tab, click Server Certificate, then click Next. 

Select Create a new certificate, then click Next. 

Select Prepare the reguest now, but send it later, then click Next. 

Specify an identifying name for the certificate, then click Next. 


Specify your company name and department name, then click Next. 


© SN OO GI R © N Ph 


Specify the fully gualified domain name of the server for which you are obtaining a certificate, 
such as gw3.novell. com, then click Next. 


9 Specify the location of your company, then click Next. 
10 Specify a name for the CSR file, such as gw. csr, then click Next. 


If you do not specify a full path name, the CSR file is created in the c: \Windows\System32 
directory. 


11 Review the information that you have provided, then click Next to create the CSR file. 
12 Continue with Submitting the Certificate Signing Reguest to a Certificate Authority. 


Submitting the Certificate Signing Reguest to a Certificate Authority 


To obtain a server certificate, you can submit the certificate signing reguest (server name.csr file) to 
a certificate authority. If you have not previously used a certificate authority, you can use the 
keywords “certificate authority” to search the Web for certificate authority companies. 


The process of submitting the CSR varies from company to company. Most provide online 
submission of the reguest. Follow their instructions for submitting the reguest. The certificate 
authority must be able to provide the certificate in Base64/PEM or PFX format. 


83.2.2 Generating a Self-Signed Certificate 


There are several ways to generate a self-signed certificate: 


+ “Using ConsoleOne on Windows or Linux” on page 1111 
+ “Using YaST on Linux” on page 1113 


+ “Using the openssl Command on Linux” on page 1114 


Using ConsoleOne on Windows or Linux 
The NetIQ Certificate Server, which runs on a Linux server with NetIQ eDirectory, enables you to 


establish your own certificate authority and issue server certificates for yourself. For complete 
information, see the NetIQ Certificate Server Web site (https://www.netig.com/documentation/crt33). 
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To guickly create your own public certificate in ConsoleOne: 


1 Click Help > About Snapins to see if the Certificate Server snap-in to ConsoleOne is installed. 


If you need to install the snap-in on Linux, it is available in the version of ConsoleOne provided 


in the consoleone subdirectory in the downloaded GroupWise 2012 software image. It is called 
the PKI Snapin. 


If you need to install the snap-in on Windows, you can download the snap-ins for Windows 
ConsoleOne from the Novell Downloads site (http://download.novell.com/ 
Download?buildid=FCT5LgrhcGT-). 


NOTE: You can create a server certificate in Novell iManager, as well as in ConsoleOne, using 
steps similar to those provided below. 


2 Browse to and select the container where your Server object is located. 


3 Click Tools > Issue Certificate, then in the Filename field, browse to and select the CSR file created 
by GroupWise Generate CSR utility (GWCSRGEN) in “Generating a Certificate Signing 
Reguest” on page 1107. 


Issue Certificate 


Paste a certificate signing request (CSR) in the window below or specify a 
Novell. name of a file containing a CSR. 


6cXSdELBtävt+ymlõyrvä]5YU/ gEFSHp Fr Y Jo TALUL TSNsSUmoRLAPES ISS SEL] AI 
ip ] 
vEGSidGoz(weVATKLBO £ AvEk IyrCmB9 ir CC AuE ABaBAMAOGCS 463 Ib IDOEBBA 

va 

BAGBAE/ iN? iG1aRH41BubRjcchuc2q/Unous2t$1iDF+2DMyQ20+B2vav02125 

h2 

KUyPHdak FBHSU7 gZ i20XLYQ4TUBRTRP8+2rkeg 101 4rEcQykWaqJOFEPo/ ays 

sN 

qIBESNERuk ZX YNOWI oDKNI gfo 4Bpja3QixzôSPe+jőB 1190 


Filename: K:\certs\jbd-w.csr 


C + Cm) 


4 Click Next. 


By default, your own organizational certificate authority signs the request. 
5 Click Next. 


Issue Certificate 


Select how the key is to be used. 


N ove | I. Type Key usage 


O Unspecified Data encipherment 


© Encryption Key encipherment 


O Signature 
© SSL or TLS 
( Custom 


[1] Set the key usage extension to critical 


< Back I Next > II Cancel F 
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In the Type box, select Custom. 

In the Key Usage box, select all three usage options. 

Click Next. 

In the Validity Period field, select the length of time you want the certificate to be valid. 


© ON OO 


You might want to change the setting to a longer period of time to best meet the needs of your 
organization. 


10 Click Next, view the summary information, then click Finish. 
11 Select File in Base64 Format. 


Save Certificate 


A certificate has been created. Specify how to save the certificate. 
Save to 


© System clipboard in Base64 format 
© File in binary DER format 


uedCertificate.b64 


Details Save Cancel Help 


12 Specify the path and file name for the certificate. 


Linux: Use only lowercase characters. 


Windows: No limitations 


You can retain the .b64 extension or use the more general .crt extension. 
13 Click Save. 


Using YaST on Linux 


1 On the Linux server desktop, click Computer > YaST, then enter the root password. 
2 Click Security and Users > CA Management. 
3 If you did not create the YaST Default CA during the installation of Linux on the server: 


3a Click Import CA, specify the name and location of an existing CA, click OK, then skip to 
Step 4. 


or 
Click Create Root CA, then continue with Step 3b. 
3b Fill in the following fields: 
CA Name: Specify the name of the CA certificate. 
Common Name: Specify the name of the certificate authority. 
Organization: Specify the name of your organization (for example, Novell, Inc.). 


Organizational Unit: Specify your organization's division that this certificate is being 
issued to (for example, Novell Product Development). 


Locality: Specify the name of your city or other regional division (for example, Provo). 


State: Specify the name of your state (for example, Utah). Use the full name. Do not 
abbreviate it. 


Country: Select the name of your country (for example, USA). 
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3c Click Next. 

3d Specify and verify the certificate password, then click Next. 

3e Click Create to create the root certificate authority on the server. 
4 After you have a certificate authority on the Linux server: 


4a Select YaST_Default_CA or the CA you just created, click Enter CA, specify the CA 
password, then click OK. 


4b On the Certificates tab, click Export > Export to File. 
4c Select Certificate and the Key Encrypted in PEM Format. 


Ad Specify the certificate password and, if desired, specify and verify a new password for the 
new certificate file. 


4e Browse to and select the directory where you want to create the certificate file, then specify 
the file name for the certificate, adding a .pem extension. 


4f Click OK to create the certificate file, then click OK again to confirm. 
4g Exit from YaST. 


5 Ina terminal window, log in as root, then separate the .pem file created by YaST into a .crt file 
anda .key file, as required by GroupWise: 


5a Use a text editor such as gedit to open the .pen file. 


5b Select and copy the BEGIN CERTIFICATE line through the END CERTIFICATE line into anew 
file, name it the same as the server name, and add a .crt extension to the file name when 
you save it. 


5c Select and copy the BEGIN RSA PRIVATE KEY line through the END RSA PRIVATE KEY line 
into a new file, name it the same as the server name, and add a .key extension to the file 
name when you save it. 


5d Exit the text editor. 


Using the openssl Command on Linux 


A convenient way to create a certificate from the Linux command line is to use the openss1 
command, as described in HOWTO Keys (http://www.openssl.org/docs/HOWTO/keys.txt). 


83.2.3 Installing the Certificate on the Server 


After processing your CSRs, the certificate authority sends you a public certificate 

(server name.b64) file for each CSR. You might need to extract the private key from the public 
certificate. The private key file might have an extension such as .pem or .pfx. The extension is 
unimportant as long as the file format is correct. 


If you used the Issue Certificate feature in ConsoleOne, as described in Section 83.2.2, “Generating a 
Self-Signed Certificate,” on page 1111, it generated the public certificate file (server name.b64) and 
private key file (server_name.key). 


Copy the files to any convenient location on each server. The location must be accessible to the 
GroupWise agents that run on the server. 
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83.2.4 Configuring the Agents to Use SSL 


To configure the agents to use SSL you must first enable them for SSL and then provide certificate 
and key file information. For detailed instructions, see the following sections: 

¢ “Securing the Post Office with SSL Connections to the POA” on page 508 

¢ “Securing the Domain with SSL Connections to the MTA” on page 643 

+ Section 48.2.3, “Securing Document Conversion with SSL Connections,” on page 721 

+ Securing GWIA Connections with SSL 


83.3 Trusted Root Certificates and LDAP Authentication 


LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for 
GroupWise Users,” on page 510, relies on the presence of a trusted root certificate (often named 
rootcert .der) located on your LDAP server. A trusted root certificate is automatically created for a 
server when you install eDirectory on that server. However, circumstances might arise where you 
need to create one manually. You can do this in ConsoleOne. 


1 Make sure that Novell International Cryptography Infrastructure (NICI) is installed on the 
workstation where you run ConsoleOne. 


If necessary, you can download NICI from the Novell Product Downloads site (http:// 
download.novell.com). 


2 In ConsoleOne, click Help > About Snapins and verify that the following snap-ins are installed: 
+ Novell LDAP 
+ Novell Certificate Server 
+ Novell Modular Authentication Services (NMAS) 


You can download these snap-ins from the Novell Product Downloads site (http:// 
download.novell.com). After these snap-ins are installed, you can generate a trusted root 
certificate for the LDAP server. 


3 In ConsoleOne, check current SSL/TLS configuration of the LDAP server: 


3a Browse to and right-click the LDAP Server object in your eDirectory tree (typically named 
LDAP Server - server name), then click Properties. 


3b Click SSL/TLS Configuration. 
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Properties of LDAP Server - JBD-W 
Screen Options | Fitered Replica | Persistent Search | Event Monitorir, 


TLS (SSL) Port: [635 T Disable SSL Port 


Server Certificate: [esi CertificateDNS 
Client Certificate: [not Reguested = 
Trusted Root Containers: LL =) e] 
I Require TLS for All Operations 
F Ena 


Page Options... 


3c Note the name of the server certificate (typically SSL CertificateDNS). 
3d Make sure that Disable SSL Port is not selected. 
4 Export a trusted root certificate: 


4a Browse to and right-click the SSL Certificate object identified in Step 3c, then click 
Properties. 


4b Click Certificates. 


Properties of SSL CertificateDNS - JBD-W 


General | Certificates + | NDS Rights + | Other | Rights to Files and Folders | 
| Trusted Root Certificate 


Subject name:  fOUsOrganizationalCA.O=CORP TRE  ć o oO 
Issuer name: JOUsOrqanizationalC&.O=CORP TREE 
Effective date: [anuary 24, 2007 10:51:52 PM GMT-0700 S 
Expiration date: [anuary 24, 2017 10:51:52 PM GMT-0700 £8 
Certificate status: [lick Validate. 00000000 


Replace Details Export | Validate 


Page Options... 


5 Click Validate, then click OK. 

6 Click Export. 

7 When asked if you want to export the private key with the certificate, select No, then click Next. 
8 Inthe Output Format box, select File in Binary DER Format. 


9 Inthe Filename field, specify the full path and file name for the trusted root certificate. 
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IMPORTANT: For use with GroupWise, the name of the trusted root certificate file can consist 
of 8 characters plus the .der extension. It cannot be a long file name. The most convenient 
location for the trusted root certificate for use with GroupWise is in the directory where the POA 
software is installed. By default, the POA looks for a file named ngwkey .der. 


10 Click Next, then click Finish. 


You are now ready to configure the POA for LDAP authentication, as described in Section 36.3.4, 
“Providing LDAP Authentication for GroupWise Users,” on page 510. 
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64.1 


84.2 


LDAP Directories 


LDAP (Lightweight Directory Access Protocol) is a standard Internet protocol for accessing 
commonly used network directories. If you are new to GroupWise or LDAP, you might find it useful 
to review TID 2955731, “GroupWise and LDAP,” in the Novell Support Knowledgebase. (http:// 
www.novell.com/support) This TID provides an overview of LDAP and explains the two address- 
book-related ways that GroupWise makes use of LDAP. This section briefly summarizes the address 
book usages of LDAP and explains how LDAP can also be used to store security information such as 
passwords and certificates for use with GroupWise. 


+ Section 84.1, “Accessing Public LDAP Directories from GroupWise,” on page 1119 


+ Section 84.2, “Offering the Group Wise Address Book as an LDAP Directory,” on page 1119 


+ Section 84.3, “Authenticating to GroupWise with Passwords Stored in an LDAP Directory,” on 
page 1120 


+ Section 84.4, “Accessing S/MIME Certificates in an LDAP Directory,” on page 1121 
See also Part XVIII, “Security Policies,” on page 1149. 


Accessing Public LDAP Directories from GroupWise 


The GroupWise client uses LDAP to provide access to directory services such as Bigfoot. This enables 
GroupWise users to select email addresses from these popular directory services and add them to 
their personal GroupWise address books. See “Using the LDAP Address Book” in “Contacts and 
Address Books” in the GroupWise 2012 Windows Client User Guide. 


Offering the GroupWise Address Book as an LDAP 
Directory 


The GroupWise Internet Agent (GWIA) uses LDAP to make the GroupWise address book available 
to any LDAP-enabled client. This enables users of other email clients to define GroupWise address 
books as LDAP directories from which they can select email addresses. See Section 53.3, 
“Configuring LDAP Services,” on page 782. See also Chapter 86, “Address Book Security,” on 

page 1125. 
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84.3 


84.3.1 


84.3.2 


Authenticating to GroupWise with Passwords Stored in an 
LDAP Directory 


Enabling LDAP authentication for the POA is independent of these LDAP address book features. 
You need to enable LDAP authentication when you want the POA to authenticate the user’s 
password in an LDAP directory rather than looking for a password in the user’s GroupWise account 
information. The POA can make use of the following LDAP capabilities: 


+ Section 84.3.1, “Access Method,” on page 1120 
+ Section 84.3.2, “LDAP User Name,” on page 1120 


When you understand these LDAP capabilities, you are ready to set up LDAP authentication for 
your GroupWise users. See Section 36.3.4, “Providing LDAP Authentication for GroupWise Users,” 
on page 510. 


Access Method 


On a server-by-server basis (ConsoleOne > Tools > GroupWise System Operations > LDAP Servers), you 
can specify whether you want each LDAP server to respond to authentication requests using a bind 
or a compare. 


+ Bind: With a bind, the POA essentially logs in to the LDAP server. When responding to a bind 
request, most LDAP servers enforce password policies such as grace logins and intruder 
lockout, if such policies have been implemented by the LDAP directory. 


+ Compare: With a compare, the POA provides the user password to the LDAP server. When 
responding to a compare request, the LDAP server compares the password provided by the 
POA with the user’s password in the LDAP directory, and returns the results of the comparison. 
Using a compare connection can provide faster access because there is typically less overhead 
involved because password policies are not being enforced. 


Regardless of whether the POA is submitting bind requests or compare requests to authenticate 
GroupWise users, the POA can stay connected to the LDAP server as long as authentication requests 
continue to occur before the connection times out. This provides quick response as users are 
accessing their mailboxes. 


LDAP User Name 


On a post office-by-post office basis (ConsoleOne > Post Office object > Properties > GroupWise > 
Security), you can decide what user name you want the POA to use when accessing the LDAP server. 


+ LDAP Username Login: If you want the POA to access the LDAP server with specific rights to 
the LDAP directory, you can provide a user name for the POA to use when logging in. The rights 
of the user determine what information in the LDAP directory will be available during the 
authentication process. 


* Public or Anonymous Login: If you do not provide a specific LDAP user name as part of the 
post office LDAP configuration information, then the POA accesses the LDAP directory with a 
public or anonymous connection. Only public information is available when using such a login. 
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84.4 


Accessing S/MIME Certificates in an LDAP Directory 


Just as the POA can access user password information in an LDAP directory, the GroupWise 
Windows client can access recipients’ digital certificates in an LDAP directory. See “Using LDAP to 
Search for Recipient Encryption Certificates” in “Email” in the GroupWise 2012 Windows Client User 
Guide. 


When a certificate is stored on an LDAP server, the GroupWise Windows client searches the LDAP 
server every time the certificate is used. Certificates from LDAP servers are not downloaded into the 
local certificate store on the user’s workstation. 


To facilitate this process, the user must select a default LDAP directory in the LDAP address book 
(Windows client > Address Book > Novell LDAP Address Book > Directories > Set as Default) and enable 
searching (Windows client > Tools > Options > Security > Send Options > Advanced Options > Search for 
recipient encryption certificates in the default LDAP directory defined in LDAP Address Book). 


An advantage to this is that recipients’ certificates are available no matter what workstation the 
GroupWise user sends the message from. 


NOTE: This feature is not available in GroupWise WebAccess. 
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D Message Security 


The GroupWise client accommodates users” preferences for security and privacy when sending 
messages. Users can: 


+ Sign a message with standardized text (Windows client > Tools > Options > Environment > 
Signature). 


+ Sign a message with an electronic business card (vCard) (Windows client > Tools > Options > 
Environment > Signature). 


+ Digitally sign and encrypt a message. See Section 83.1, “Personal Digital Certificates, Digital 
Signatures, and S/MIME Encryption,” on page 1105. 


+ Give a message a security classification (Windows client > New Mail > Send Options > General > 
Classification > Normal, Proprietary, Confidential, Secret, Top Secret, or For your eyes only). 


+ Conceal the subject of an email message (Windows client > New Mail > Send Options > Security > 
Conceal subject). 


* Mark messages and appointments private so that proxy users cannot see them. (Windows client 
> Actions > Mark Private). 


+ Attach a password-protected document to a message and have the application prompt the 
recipient to supply the password before the recipient can open the document 


+ Reguire a password in order to mark a Routing Slip completed (Windows client > Tools > Options 
> Security > Send Options > Require password to complete routed item). This can prevent a user who is 
proxied to the mailbox from marking the item completed, or if multiple users proxy to the 
mailbox, it can be used to ensure that only the user for whom the item was intended can 
complete it. 


In addition, if the users in your GroupWise system exchange messages with users in other 
GroupWise systems, you can set preferences to control what types of information pass between the 
two systems. For example, you can prevent external GroupWise users from performing busy 
searches or obtaining message delivery status. See Section 4.2, “System Preferences,” on page 72. 


See also Part XVIII, “Security Policies,” on page 1149. 


Message Security 1123 


1124 GroupWise 2012 Administration Guide 


Address Book Security 


One of the purposes of the Address Book is to make user information available to all GroupWise 
users. However, there might be types of information that you do not want to display. 
+ Section 86.1, “eDirectory Information Displayed in the Address Book,” on page 1125 
+ Section 86.2, “Suppressing the Contents of the User Description Field,” on page 1125 
+ Section 86.3, “Controlling Group Wise Object Visibility in the Address Book,” on page 1126 
+ Section 86.4, “Controlling GroupWise Object Visibility between GroupWise Systems,” on 
page 1126 


See also Part XVIII, “Security Policies,” on page 1149. 


86.1 eDirectory Information Displayed in the Address Book 


The Address Book displays information stored in Novell eDirectory for users, resources, and 
distribution lists in your GroupWise system. By default, the following information is displayed: 
* Name 
+ Office phone number 
+ Department 
+ Fax number 
+ User ID 


You can configure the Address Book to display more or less information to meet the needs of your 
users. See Section 6.1, “Customizing Address Book Fields,” on page 105. 


By default, all users, resources, and distribution lists that you create in eDirectory are displayed in 
the Address Book and are available to all Group Wise users. 


86.2 Suppressing the Contents of the User Description Field 


By default, when you display details about a user in the Address Book, the information in the 
Description field of the User object in eDirectory is displayed. If you keep confidential information in 
the Description field of the User object, you can prevent this information from appearing the 
GroupWise Address Book. See Section 6.1.6, “Preventing the User Description Field from Displaying 
in the Address Book,” on page 109. 
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86.3 SNS GroupWise Object Visibility in the Address 
Boo 


You might need to create users, resources, or distribution lists that are not available to all GroupWise 
users. You can accomplish this by restricting the set of users that can see such objects in the Address 
Book. You can make such objects visible only to the members of a domain, only to the members of a 
post office, or to no one at all. An object does not need to be visible to be addressable. For 
instructions, see Section 6.2, “Controlling Object Visibility,” on page 110. 


86.4 Controlling GroupWise Object Visibility between 
GroupWise Systems 


If you synchronize your GroupWise system with other GroupWise systems to simplify addressing 
for users of both systems, you can control what information from your Address Book you want to be 
available in the Address Books of other GroupWise systems. For instructions, see “Exchanging 
Information Between Systems” in “Connecting to Other GroupWise Systems” in the GroupWise 2012 
Multi-System Administration Guide. 
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87.1 


87.2 


GroupWise Administrator Rights 


To administer GroupWise, a user needs the appropriate file system rights and Novell eDirectory 
rights. The following sections provide information to help you configure GroupWise administrator 
rights to meet the needs of your environment: 

+ Section 87.1, “Setting Up a GroupWise Administrator as an Admin Equivalent,” on page 1127 

+ Section 87.2, “Assigning Rights Based on Administration Responsibilities,” on page 1127 

+ Section 87.3, “eDirectory Object and Properties Rights,” on page 1135 

+ Section 87.4, “Granting or Removing Object and Property Rights,” on page 1138 


See also Part XVIII, “Security Policies,” on page 1149. 


Setting Up a GroupWise Administrator as an Admin 
Equivalent 


The easiest way to ensure that a GroupWise administrator has all necessary eDirectory rights and file 
system rights is to make the administrator an Admin equivalent in eDirectory. Unless you have 
implemented multiple administrators who have different roles and access rights (for example, a 
server administrator, a printer administrator, and a GroupWise administrator), we suggest you make 
your GroupWise administrator an Admin equivalent. 


1 In ConsoleOne, right-click the GroupWise administrator’s User object, then click Properties. 
2 Click the Memberships tab, then click Security Equal To to display the Security Equal To page. 
3 Click Add to display the Select Objects dialog box. 
4 Browse for and select the Admin object, then click OK. 

The Admin object should now be displayed in the Security Equal To list. 
5 Click OK. 


Assigning Rights Based on Administration Responsibilities 


Making a GroupWise administrator an Admin equivalent in eDirectory gives the GroupWise 
administrator all eDirectory rights required to administer GroupWise. It also gives him or her full file 
system rights to servers that have associated objects in eDirectory. To increase security or to support a 
distributed administration model, you can restrict GroupWise administrators’ file system and 
eDirectory rights to only those required to administer GroupWise and assign rights to your 
GroupWise administrators based on their administration responsibilities. For example, 


* Ifyou have only one GroupWise administrator (a centralized GroupWise administration model), 
you can give the administrator rights only to the eDirectory objects and file systems that are 
used for GroupWise. 
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87.2.1 


87.2.2 


¢ If you have multiple administrators who are each responsible for a domain (a distributed 
GroupWise administration model), you can restrict their rights to only those eDirectory objects 
and file systems associated with their GroupWise domain. 


+ If you have one administrator whom you want to control all links between domains, you can 
assign rights to the eDirectory objects and file systems associated with domain links. 


The following two sections, Section 87.2.1, “File System Rights,” on page 1128 and Section 87.2.2, 
“eDirectory Rights,” on page 1128, provide general information about the file system rights and 
eDirectory object and property rights needed to perform GroupWise administration tasks. 


The final section, Section 87.2.3, “Common Types of GroupWise Administrators,” on page 1132, lists 
some common types of GroupWise administrators (for example, Domain administrator and Post 
Office administrator) and the specific file system and eDirectory rights they need. 


File System Rights 


A GroupWise administrator must have an account (or security equivalence) that provides the 
following rights to the directories listed below: 


Directory Linux Rights Windows Permissions 
Any GroupWise system directory the administrator is Read Full Control 
responsible for. This includes: Write 

Execute 


+ domain directories 
+ post office directories 
+ software distribution directories 


¢ library storage area directories 


Any directory in which the GroupWise agents are Read Full Control 
installed. Write 
Execute 


For Linux, the default directory is /opt /nove11/ 
groupwise/agents. 


For Windows, the default agent subdirectories are 
located under c: \Program 
Files\Novell\GroupWise Server. 


For information about managing the Linux agents as a non-root user, see “Running the Linux 
GroupWise Agents as a Non-root User” in “Installing GroupWise Agents” in the GroupWise 2012 
Installation Guide. 


eDirectory Rights 


The eDirectory object and property rights an administrator must have depend on the administrative 
tasks he or she needs to perform. In GroupWise administration, there are five basic tasks an 
administrator can perform: 


+ Create and delete objects (for example, domains, post offices, gateways, agents, libraries, 
resources, external entities, and distribution lists). 


* Modify object properties (for example, moving a GroupWise user from one post office to 
another or deleting a GroupWise user from a distribution list). 
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+ Modify link information (for example, defining whether Domain 1 links directly to Domain 3 or 
indirectly to Domain 3 through Domain 2). 


+ Perform system operations (for example, managing software distribution directories, creating 
administrator-defined fields, and setting up eDirectory user synchronization). 


+ Perform maintenance operations (for example, rebuilding domain and post office databases, 
analyzing and fixing user and message databases, and changing a user's client options). 


Creating and Deleting Objects 


The following rules apply to creating or deleting a GroupWise object (for example, domain, post 
office, gateway, agent, library, resource, external entity, or distribution list): 


+ To create a GroupWise object, the administrator must have Create object rights in the container 
where he or she is creating the object. To delete a GroupWise object, the administrator must have 
Delete object rights to the GroupWise object's container. 


+ If creating or deleting the object requires modification of a second object’s properties, the 
administrator must have Read and Write rights to the second object’s NGW: GroupWise ID 
property and all other affected properties. For example, when you create a distribution list, the 
list is assigned to a post office. Therefore, the administrator needs Read and Write rights to the 
post office object’s NGW: GroupWise ID property and NGW: Distribution List Member 


property. 


For information about giving a user rights to an object or an objects’s properties or restricting a user’s 
rights to an object or an object’s properties, see Section 87.4, “Granting or Removing Object and 
Property Rights,” on page 1138. 


Modifying Object Properties 


Each eDirectory object has certain properties that hold information about the object. For example, a 
User object includes Full Name, Given Name, Last Name, Network Address, and Title properties. 
The following rules apply to modifying an object’s properties: 


+ Each object has an NGW: GroupWise ID property. The administrator must always have Read 
and Write rights to the NGW: GroupWise ID property for the object being modified. Without 
rights to the NGW: GroupWise ID property, no modifications can be made to any of the object’s 
GroupWise properties. 


¢ The administrator must have Read and Write rights to the property being modified. For 
example, to change a user’s visibility within the GroupWise system, the administrator must 
have Read and Write rights to the user object’s NGW: GroupWise ID property and NGW: 
Visibility property. 

+ Ifthe modification affects a second object’s properties, the administrator must have Read and 
Write rights to the second object’s affected properties. For example, when you move a user from 
one post office to another, the move affects properties for 1) the User object, 2) the Post Office 
object from which you are moving the user (the source post office) and 3) the Post Office object 
to which you are moving the user (the target post office). Therefore, the administrator must have 
1) Read and Write rights for the User object’s NGW: GroupWise ID property and NGW: Post 
Office property, 2) Read and Write rights for the source post office object’s NGW: GroupWise ID 
property and Members property, and 3) Read and Write rights for the target post office object’s 
NGW: GroupWise ID property and Members property. 
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Modifications to an object can fail for the following reasons: 


* Theadministrator does not have the appropriate rights to the object's properties. For example, to 
restrict an administrator from moving a user from one post office to another, you could 1) not 
give the administrator Read and Write rights to the source or target post office object's NGW: 
Members property or 2) not give the administrator Read and Write rights to the user object's 
NGW: Post Office property. 


+ The administrator, in addition to modifying properties he or she has rights to, attempts to 
modify a property he or she does not have rights to modify. For example, if an administrator has 
rights to modify a user's mailbox ID and visibility but does not have rights to modify the 
mailbox expiration date, any modifications made to the mailbox ID and visibility fail if the 
administrator tries to modify the mailbox expiration date at the same time. 


In general, a GroupWise administrator should have Read and Write rights to all GroupWise 
properties for the objects he or she needs to administer. This ensures that the administrator can 
modify all GroupWise information for the objects. In addition, an administrator should also have 
Read and Write rights to other eDirectory properties used by GroupWise. For example, Full Name is 
an eDirectory User object property used by GroupWise. For a list of GroupWise objects, GroupWise 
object properties, associated eDirectory object properties, see Section 87.3, “eDirectory Object and 
Properties Rights,” on page 1135. 


For information about giving a user rights to modify an object’s properties or restricting a user's 
rights to modify an object’s properties, see Section 87.4, “Granting or Removing Object and Property 
Rights,” on page 1138. 


Modifying Link Information 


By default, when an administrator creates a domain or post office, the links to other domains or post 
offices are automatically created. Because there are many different ways you can configure your 
domain and post office links, you can use the Link Configuration utility to modify how domains and 
post offices are linked together. You can also use object and property rights to determine which 
administrators have the ability to modify link information. The following rules apply to modifying 
link information: 


¢ To modify the links for post offices within a domain, the administrator must have Read and 
Write rights to the NGW: GroupWise ID property for the Domain object and the Post Office 
objects. In addition, the administrator must have Write rights to the NGW: Link Configuration 
property for the Domain object. 


¢ To modify the links between domains, the administrator must have Read and Write rights to the 
NGW: GroupWise ID property for each Domain object, and Write rights to the NGW: Link 
Configuration property for each Domain object. 


Because correct domain and post office links are essential to the proper functioning of your 
GroupWise system, you might want to assign link configuration tasks to a single administrator and 
restrict other administrators’ abilities to modify link information. Or, if you have a multiple-domain 
system with multiple administrators, you could have one administrator responsible for all domain 
links and the other administrators responsible for the post office links for their domains. For 
information about giving a user rights to an object’s properties (or restricting a user’s rights to an 
object’s properties), see Section 87.4, “Granting or Removing Object and Property Rights,” on 

page 1138. 


Performing System Operations 


The system operations that a GroupWise administrator can perform in ConsoleOne are listed on the 
Tools > GroupWise System Operations menu. 
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The Select Domain, Pending Operations, and Restore Area Management operations are always available to 
GroupWise administrators. To perform any of the other system operations, an administrator must 
have Read and Write rights to the NGW: GroupWise ID property for the primary Domain object. In 
GroupWise systems that span multiple eDirectory trees, the administrator’s current tree must be the 
tree in which the primary Domain object is located. 


You can restrict the ability to perform system operations (other than Select Domain, Pending 
Operations, and Restore Area Management) to only those GroupWise administrators who connect to the 
primary domain database. To do so, you use the Restrict System Operations to Primary Domain option 
(Tools > GroupWise System Operations > System Preferences > Admin Lockout Settings). Administrators 
connected to secondary domain databases see the GroupWise System Operations menu with only the 
Select Domain, Pending Operations, and Restore Area Management options available. 
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For information about giving a user rights to an object's properties or restricting a user's rights to an 
object's properties, see Section 87.4, “Granting or Removing Object and Property Rights,” on 
page 1138. 


Performing Maintenance Operations 


To perform maintenance operations such as validating, recovering, or rebuilding domain databases; 
fixing user, resource, or post office databases; or changing a user's client options, an administrator 

must have Read and Write rights to the NGW: GroupWise ID property for the object being modified. 
For example, to rebuild a domain database, an administrator must have Read and Write rights to the 
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NGW: GroupWise ID property for the Domain object. Or, to change a user's client options, an 
administrator must have Read and Write rights to the NGW: GroupWise ID property for the User 
object. 


For information about giving a user rights to an object's properties or restricting a user's rights to an 
object's properties, see Section 87.4, “Granting or Removing Object and Property Rights,” on 
page 1138. 


87.2.3 Common Types of GroupWise Administrators 


The following sections provide information about assigning directory, object, and property rights to 
some common types of GroupWise administrators: 


+ “Domain Administrator” on page 1132 
+ “Post Office Administrator” on page 1133 
+ “Link Configuration Administrator” on page 1134 


Domain Administrator 


A Domain administrator is a GroupWise administrator who has all file system and eDirectory rights 
needed to create and maintain a single GroupWise domain. 


File System Rights 


A Domain administrator must have the file system rights listed in the following table: 


Directory Linux Rights Windows Permissions 
Any GroupWise system directory the administrator is Read Full Control 
responsible for. This includes: Write 
+ domain directories Execute 
+ post office directories 
+ software distribution directories 
+ library storage area directories 
If the domain is not yet created, it is necessary to give 
the administrator rights to the directories where it will be 
created. 
The GroupWise agent directories. Read Full Control 
A A ; Write 
For Linux, the default directory is /opt /nove11/ 
Execute 


groupwise/agents. 

For Windows, the default directory is c: Program 
Files\Novell\GroupWise Server\Agents. 
eDirectory Rights 

A Domain administrator must have Read and Write rights to properties for the objects listed below. 


+ Domain object: Only the domain that the administrator is responsible for unless he or she will 
also configure domain links. If so, the administrator also needs rights to the NGW: GroupWise 
ID and NGW: Link Configuration properties for the other Domain objects. 
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* Post Office objects: AIl post offices in the domain. 
+ Gateway objects: All gateways in the domain. 
+ User objects: All users in the domain. 
+ Resource objects: All resources in the domain. 
+ Distribution List objects: All distribution lists in the domain. 
+ Library objects: All libraries in the domain. 
+ Agent objects: All MTAs and POAs in the domain. 
+ External Entity objects: All resources in the domain. 
In most cases, the administrator does not need rights to all of the object properties. After reviewing 


the list of objects, if you want to restrict an administrator’s rights to only the required properties, see 
Section 87.3, “eDirectory Object and Properties Rights,” on page 1135. 


In addition, the administrator must have Create and Delete rights in any container in which one of 
the objects listed above will be created or deleted. 


For a listing of the explicit object properties to which the administrator must have rights, see 
Section 87.3, “eDirectory Object and Properties Rights,” on page 1135. 


Post Office Administrator 


A Post Office administrator is a GroupWise administrator who has all file system and eDirectory 
rights needed to create and maintain a single GroupWise post office. 


File System Rights 


A Post Office administrator must have the file system rights listed in the following table: 


Directory Linux Rights Windows Permissions 
The domain directory Read Full Control 
Write 
Execute 
The following directories: Read Full Control 
M A Write 
post office directory Execute 
+ library storage area directories for libraries 
assigned to the post office 
The directory for the Post Office Agent. Read Full Control 
Write 
For Linux, the default directory is /opt /nove11/ 
Execute 


groupwise/agents. 


For Windows, the default directory is c: Program 
Files\Novell\GroupWise Server\Agents. 


GroupWise Administrator Rights 1133 


eDirectory Rights 


A Post Office administrator must have Read and Write rights to properties for the objects listed 
below. 


In most cases, the administrator does not need rights to all of the object properties. After reviewing 
the list of objects, if you want to restrict an administrator’s rights to only the required properties, see 
Section 87.3, “eDirectory Object and Properties Rights,” on page 1135. 

* Post Office object: Only the post office that the administrator is responsible for. 

+ User objects: All users with accounts on the post office. 

+ Resource objects: All resources assigned to the post office. 

+ Distribution List objects: All distribution lists assigned to the post office. 

¢ Library objects: All libraries assigned to the post office. 

+ Agent objects: Only the post office’s POA. 

¢ External Entity objects: All external entities with accounts on the post office. 


In addition, the administrator must have Create and Delete rights in any container in which one of 
the objects listed above will be created or deleted. 


Link Configuration Administrator 


A Link Configuration administrator has all file system and eDirectory rights needed to create and 
maintain the links between GroupWise domains. 


File System Rights 


A Link Configuration administrator must have the file system rights listed in the following table: 


Directory Linux Rights Windows Permissions 


ConsoleOne and GroupWise Administrator snap-ins Read Not applicable 
Write 
Execute 


Domain directory Read Full Control 
Write 
Execute 


eDirectory Rights 


A Post Office administrator must have Read and Write rights to the properties for the objects listed 


below. 
Object Property 
Domain (all domains) NGW: GroupWise ID NGW: Link Configuration 
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87.3 


eDirectory Object and Properties Rights 


The table in this section lists the GroupWise objects and their properties. 


Some properties are specific only to GroupWise. GroupWise-specific properties begin with NGW or 


ngw. Other properties are common eDirectory properties used by GroupWise objects. Common 
eDirectory properties do not begin with NGW or ngw. 


Object 


Domain 


Post Office 


Property 


NGW 
NGW 
NGW 
NGW 
NGW 
NGW 
NGW 
NGW 


: File ID 

: GroupWise ID 

: Language 

: Link Configuration 
: Location 

: Time Zone ID 

: Type 

: Version 


ngwDefaultWebAccess 
CN (Common Name) 
Description Member 


NDA: 


NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 
NGW: 


Port 

Access Mode 
Distribution List Member 
Domain 

File ID 

GroupWise ID 
Language 

Library Member 
Location 
Resource Member 
Time Zone ID 
Version 


ngwDefaultWebAccess 


ngwL 


DAPServerAddress 


CN (Common Name) 
Description Member 
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Object Property 


Gateway NGW: Domain 
NGW: File ID 
NGW: GroupWise ID 
NGW: Language 
NGW: Location 
NGW: Platform 
NGW: Time Zone ID 
NGW: Type 
ngwProviderComm 
ndaReferenceList 
ndaServiceList 
ndaXISSettings 
CN (Common Name) 
Description 


User NGW: Account 
NGW: File ID 
NGW: Gateway Access 
NGW: GroupWise ID 
NGW: Mailbox Expiration Date 
NGW: Object ID 
NGW: Post Office 
NGW: Visibility 
ngWNLSinfo 
company 
Department 
Description 
EMail Address 
Fax Number 
General Oualifier 
Given Name 
homePhone (Home Phone) 
Initials 
Internet EMail Address 
L (Location) 
Last Name 
mobile (Mobile Phone) 
otherPhoneNumber (Other Phone) 
pager (Pager Number) 
personalTitle 
Physical Delivery Office Name (City) 
Postal Code (Zip Code) 
Postal Office Box (PO Box) 
S (State) 
SA (Street Address) 
Telephone 
Title 
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Object 


Resource 


Distribution List 


Library 


Agent 


Property 


NGW: File ID 

NGW: GroupWise ID 
NGW: Owner 

NGW: Post Office 
NGW: Type 

NGW: Visibility 

CN (Common Name) 
Description 


NGW: Blind Copy Member 
NGW: Carbon Copy Member 
NGW: GroupWise ID 

NGW: Post Office 

NGW: Visibility 

CN (Common Name) 
Description Member 


NGW: Archive Max Size 
NGW: Document Area Size 
NGW: File ID 

NGW: GroupWise ID 

NGW: Library Display Name 
NGW: Post Office 


NGW: Starting Version Number 


CN (Common Name) 
Description 
Member 


NGW: File ID 

NGW: GroupWise ID 
NGW: Platform 
NGW: Type 
ngwProxyServerAddress 
ndaServiceList 
ndaServiceList 
ndaXISSettings 

CN (Common Name) 
Description 

Network Address 
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Object Property 


External Entity NGW: Account ID 
NGW: External Net ID 
NGW: File ID 
NGW: GroupWise ID 
NGW: Mailbox Expiration Time 
NGW: Object ID 
NGW: Post Office 
NGW: Visibility 
company 
Department 
Description 
EMail Address 
Fax Number 
Generational Qualifier 
Given Name 
homePhone (Home Phone) 
Initials 
Internet EMail Address 
L (Location) 
Last Name 
mobile (Mobile Phone) 
otherPhoneNumber (Other Phone) 
pager (Pager Number) 
personalTitle 
Physical Delivery Office Name (City) 
Postal Code (Zip Code) 
Postal Office Box (PO Box) 
S (State) 
SA (Street Address) 
Telephone 
Title 


87.4 Granting or Removing Object and Property Rights 


You can use trustee assignments to grant or restrict rights to an object and its properties. The 
following steps provide one way to grant or remove a user's rights to an object or its properties. For 
additional methods, see your eDirectory documentation. 

1 Right-click the object in the eDirectory tree, then click Trustees of this Object. 

2 Click Add Trustee to display the Select Object dialog box. 


3 Browse for and select the User object, then click OK to display the Rights Assigned to Selected 
Objects dialog box. 


4 Setthe object and property rights you want. If necessary, add additional properties. Click Help 
for additional information. 


5 Click OK when you are finished. 
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GroupWise Agent Rights 


When you create domains and post offices, ConsoleOne creates the directory structures and Agent 
objects with all the reguired rights to enable the agents to function properly, regardless of link type 
between locations and including reguirements for Novell eDirectory user synchronization. No 
manual adjustment of agent rights is necessary in Group Wise 2012. 


You can check the POA’s rights to the post office directory by starting it using the /rights switch in the 
POA startup file. 


See also Part XVIII, “Security Policies,” on page 1149. 
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89.1 


89.1.1 


GroupWise User Rights 


GroupWise users reguire specific Novell eDirectory rights and, in some cases, specific file system 
rights in order for the GroupWise client to function properly. The following sections provide 
information about the reguired rights and how to supply them. 


+ Section 89.1, “eDirectory Rights,” on page 1141 
+ Section 89.2, “File System Rights,” on page 1143 


See also Part XVIII, “Security Policies,” on page 1149. 


eDirectory Rights 


By default, ConsoleOne is configured to automatically provide a Group Wise user's required 
eDirectory rights when you add the user to a post office. You can, however, configure GroupWise 
Administrator to not assign rights automatically, in which case you would need to manually assign 
eDirectory rights. 


The following sections provide information about how to configure ConsoleOne to automatically set 
GroupWise users’ eDirectory rights and how to manually set these rights: 


+ Section 89.1.1, “Configuring ConsoleOne to Automatically Set eDirectory Rights When Creating 
User Accounts,” on page 1141 


+ Section 89.1.2, “Manually Granting eDirectory Rights,” on page 1142 


Configuring ConsoleOne to Automatically Set eDirectory Rights When 
Creating User Accounts 


By default, the GroupWise Administrator snap-in for ConsoleOne is configured to automatically set 
the eDirectory rights required by a GroupWise user. This is done when you create the user's 
GroupWise account. 


For GroupWise Administrator to be able to set these rights, you must have sufficient administrative 
rights to eDirectory. If you don't have sufficient rights to manually set the user's access rights, 
GroupWise Administrator does not have sufficient rights to set them automatically. In general, we 
recommend that you be an Admin eguivalent. For more information, see Chapter 87, “GroupWise 
Administrator Rights,” on page 1127. 


If you choose not to grant eDirectory rights automatically, you should manually set the rights to 
ensure that users have appropriate access. For instructions, see Section 89.1.2, “Manually Granting 
eDirectory Rights,” on page 1142. 
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To configure whether or not Group Wise Administrator automatically assigns rights to users when 
you create GroupWise accounts: 


1 In ConsoleOne, click Tools > GroupWise System Operations > System Preferences to display the 
GroupWise System Preferences dialog box. 


GroupWise System Preferences 


Admin Lockout Settings Archive Service Settings 
ces i Routing Options | External Access Rights | Nickname Settings 


Set access rights automatically: 
o When creating a GroupWise user 


When creating or modifying objects, for network ID use: 
© Full Distinguished Name 


© Common Name 


Display Identity Manager (DirXML) warnings 


2 To have GroupWise Administrator automatically set access rights, select the Set Access Rights 
Automatically When Creating a GroupWise User option. 


or 


To turn off this option, deselect the Set Access Rights Automatically When Creating a GroupWise 
User option. 


3 Click OK to save your changes. 


89.1.2 Manually Granting eDirectory Rights 


At startup, the GroupWise client must know the following: 


+ The post office where the user has an account. 


+ Whether to connect to the user's post office in direct access mode or client/server access mode. 


The user can supply this information in the GroupWise Startup dialog box that appears or use the / 
ph-path_to_post_office, /ipa-IP_address, /ipp-TCP_port, and /@u-user_ID startup options. 


If you do not want users to be required to supply this information, you can give users rights to the 
eDirectory objects shown below. When a user has rights to the objects, the GroupWise client can read 
the object’s information in eDirectory to determine the user’s post office and access mode. This must 
have users to be logged in to eDirectory. 


Object and Properties Rights 
User object Browse 
NGW:Post Office Read 
Post Office object Browse 
NGW:Location Read 
NGW:Access Mode Read 
POA object Browse 
NGW:Type Read 
Network Address Read 
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89.2 


89.2.1 


GroupWise Name Server (ngwnameserver) 


The following information applies to users running the GroupWise client in client/server access 
mode. 


If you do not want to provide eDirectory rights to GroupWise users as explained above, or if you 
have GroupWise users who don't log in to eDirectory, you can set up a GroupWise name server. A 
GroupWise name server enables users to access their post office without knowing the IP address and 
port number of the POA. 


The GroupWise name server is a DNS host entry for one of the POAs in your GroupWise system. At 
startup, the GroupWise client automatically looks for the GroupWise name server. When a user 
reaches the POA designated as the GroupWise name server, the POA redirects the user to the IP 
address and port number of the POA that services the user’s post office. 


The primary GroupWise name server must be named ngwnameserver. You can set up one backup 
GroupWise name server and name it ngwnameserver2. Both POAs must use the default TCP port of 
1677. 


To set up a GroupWise name server: 


1 Use your tool of choice for modifying DNS. 


2 Create an entry for the IP address of the POA you want to designate as the primary GroupWise 
name server, then give it the hostname ngwnameserver. 


3 Create an entry for the IP address of the POA you want to designate as the backup GroupWise 
name server, then give it the hostname ngwnameserver2. 


File System Rights 


Listed below are the locations you need to consider when assigning file system rights to GroupWise 
users: 


+ Domain Directory: Users do not need file system access to the domain directory. 


* Post Office Directory: The recommended post office access mode for the GroupWise client is 
client/server (TCP/IP), which means that the user does not need file system access to the post 
office. Therefore, ConsoleOne does not assign any file system rights when you add a user to a 
post office. 


+ GroupWise Software Distribution Directory: If you want users to have file system rights to a 
GroupWise software distribution directory to install or run the GroupWise client, you need to 
manually assign rights. For instructions, see Section 89.2.1, “Granting File System Rights to the 
Software Distribution Directory,” on page 1143. 


+ Mailbox Backup Directory: For users to restore their mailbox from a network backup directory, 
they need the appropriate file system rights to the directory. For more information, see 
Section 89.2.2, “Granting File System Rights to the Mailbox Backup Directory,” on page 1144. 


Granting File System Rights to the Software Distribution Directory 


The software distribution directory contains the GroupWise client for Windows. To set up and run 
the GroupWise client, users need the directory rights listed in the table below. 


Directories Linux Rights Windows Permissions 


software distribution directory Read Read 
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89.2.2 


Directories Linux Rights Windows Permissions 
admin nnn No Access 
agents nnn No Access 
client Read Read 
ofviews Read Read 
win32 Read Read 
internet => wenn No Access 
domain nnn No Access 
PO nn No Access 


IMPORTANT: Users need rights only to the client directory and subdirectories. The other 
directories (admin, agents, domain, internet, and po) are administration directories that users 
should not have access to. 


Granting File System Rights to the Mailbox Backup Directory 


If you back up a user’s network mailbox, or a user backs up his or her local mailbox, to a network 
location, the user needs Read and Write file system rights to the backup directory in order to restore 
his or her mailbox. 
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90.1 


90.2 


Spam Protection 


Unwanted Internet email messages (spam) can be a distracting nuisance to GroupWise client users. 
Your first line of defense against spam is the Internet Agent (GWIA). Your second line of defense is 
the Junk Mail Handling feature of the GroupWise Windows client. 

+ Section 90.1, “Configuring the GWIA for Spam Protection,” on page 1145 

+ Section 90.2, “Configuring the GroupWise Client for Spam Protection,” on page 1145 


See also Part XVIII, “Security Policies,” on page 1149. 


Configuring the GWIA for Spam Protection 


In ConsoleOne, you can configure the GWIA to reject messages in certain situations: 
+ Messages are received from known open relay hosts or spam hosts (GWIA object > Access 
Control > Blacklists). 


+ Messages are received from any hosts that you specifically do not want to receive messages from 
(GWIA object > Access Control > Default Class of Service > Edit > Allow Incoming Messages, Prevent 
Incoming Messages, and Exceptions). 


* Messages are received through an anti-spam service that uses an “X” header field to identify 
potential spam (GWIA object > SMTP/MIME > Settings > Junk Mail). 


¢ Thirty messages are received within 10 seconds from the same sending host (GWIA object > 
SMTP/MIME Settings > Security Settings). The number of message and the time interval can be 
modified to identify whatever you consider to be a potential mailbomb. 


+ Messages are received from SMTP hosts that are not using the AUTH LOGIN host 
authentication method (/forceinboundauth startup switch). 


* The sender’s identify cannot be verified (GWIA object > SMTP/MIME Settings > Security 
Settings). 


For detailed setup instructions on these anti-spam security measures, see Section 54.2, “Blocking 
Unwanted Email from the Internet,” on page 798. 


Messages that are identified as spam by the GWIA are not accepted into your GroupWise system. 


Configuring the GroupWise Client for Spam Protection 


The Junk Mail Handling feature (Windows client > Tools > Junk Mail Handling) provides users with 
the following options for dealing with unwanted messages that have not been stopped by the GWIA: 


¢ Individual email addresses or entire Internet domains can be placed on the user’s Block List. 
Messages from blocked addresses never arrive in the user’s mailbox. 
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* Individual email addresses or entire Internet Domains can be placed on the user's Junk List. 
Messages from these addresses are automatically delivered to the Junk Mail folder in the user's 
mailbox. The user can configure automatic deletion of items in the Junk Mail folder and can also 
create rules to act on items placed in the Junk Mail folder. 


+ Messages from users whose addresses are not in the user's personal address books can be 
automatically delivered to the Junk Mail folder. 


The Junk Mail Handling feature in the GroupWise Windows client is enabled by default, although 
you can control its functionality in ConsoleOne (Domain, Post Office, or User object > Tools > 
GroupWise Utilities > Client Options > Environment > Junk Mail). 


For detailed usage instructions for the Junk Mail Handling feature in the GroupWise client, see 
“Handling Unwanted Email (Spam)” in “Email” in the Group Wise 2012 Windows Client User Guide. 


NOTE: The Junk Mail Handling feature is not available in WebAccess. 
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Virus Protection 


Virus protection for your GroupWise system is provided by third-party products. For information 
about security products for use with your GroupWise system, see the Novell Partner Product Guide 
(http://www.novell.com/partnerguide/) and the Novell Open Enterprise Server Partner Support site 
(http://www.novell.com/products/openenterpriseserver/partners). 


See also Part XVIII, “Security Policies,” on page 1149. 
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Security Policies 


* Chapter 92, “Securing GroupWise Data,” on page 1151 

+ Chapter 93, “Securing GroupWise Agents,” on page 1153 

+ Chapter 94, “Securing GroupWise System Access,” on page 1155 
* Chapter 95, “Secure Migrations,” on page 1157 

+ Chapter 96, “Undocumented Diagnostic Tools,” on page 1159 


See also Part XVII, “Security Administration,” on page 1095. 


For additional assistance in managing your GroupWise system, see GroupWise Best Practices (http:// 
wiki.novell.com/index.php/GroupWise). 
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92.1 


92.2 


92.3 


Securing GroupWise Data 


+ Section 92.1, “Limiting Physical Access to GroupWise Servers,” on page 1151 
+ Section 92.2, “Securing File System Access,” on page 1151 


+ Section 92.3, “Securing Domains and Post Offices,” on page 1151 


Limiting Physical Access to GroupWise Servers 


Servers where GroupWise data resides should be kept physically secure, where unauthorized 
persons cannot gain access to the server consoles. 


Securing File System Access 


In ConsoleOne, Server objects for servers where GroupWise domains, post offices, and agents reside 
should be assigned appropriate trustees and rights to prevent access from unauthorized persons. 


For additional data security, encrypted file systems should be used on servers where GroupWise 
domains, post offices, and agents reside. Only GroupWise administrators should have direct access 
to GroupWise data. 


Securing Domains and Post Offices 


In ConsoleOne, administrators in addition to the Admin user should be given rights judiciously, as 
described in Chapter 87, “GroupWise Administrator Rights,” on page 1127. 


The POA should be configured for client/server access, so that GroupWise users do not require any 
direct access to any databases in the post office. For more information, see Section 36.2.1, “Using 
Client/Server Access to the Post Office,” on page 494. 
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3 Securing GroupWise Agents 


93.1 


93.2 


93.3 


Section 93.1, “Setting Up SSL Connections,” on page 1153 

Section 93.2, “Protecting Agent Web Consoles,” on page 1153 

Section 93.3, “Protecting Agent Startup and Configuration Files,” on page 1153 
Section 93.4, “Protecting Agent and Application Log Files,” on page 1154 
Section 93.5, “Protecting Agent Processes on Linux,” on page 1154 


Section 93.6, “Protecting Trusted Applications,” on page 1154 


Setting Up SSL Connections 


All of the GroupWise agents should be configured to use SSL connections, as described in: 


+ 


+ 


+ 


+ 


+ 


“Securing the Post Office with SSL Connections to the POA” on page 508 

“Securing the Domain with SSL Connections to the MTA” on page 643 

Section 48.2.3, “Securing Document Conversion with SSL Connections,” on page 721 
“Securing GWIA Connections with SSL” on page 812 

“Configuring Authentication and Intruder Lockout for the Monitor Web Console” on page 964 


Protecting Agent Web Consoles 


If you do not provide passwords on the GroupWise agent Web consoles, unauthorized persons can 
access them by simply knowing the IP address or hostname of the machine where the agent runs, 
along with the HTTP port the agent is using. Set up GroupWise agent Web consoles with passwords 
as described in: 


+ 


+ 


+ 


+ 


+ 


“Using the POA Web Console” on page 539 

“Using the MTA Web Console” on page 669 

Section 49.2, “Using the DVA Web Console,” on page 725 

“Using the GWIA Web Console” on page 827 

“Configuring Authentication and Intruder Lockout for the Monitor Web Console” on page 964 


Protecting Agent Startup and Configuration Files 


The startup and configuration files for all GroupWise agents should be protected from tampering. 
See the following sections for the default locations of the agent startup and configuration files: 


+ 


+ 


Chapter 40, “Using POA Startup Switches,” on page 581 
Chapter 45, “Using MTA Startup Switches,” on page 693 
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+ Chapter 51, “Using Document Viewer Agent Startup Switches,” on page 731 
* Chapter 59, “Using GWIA Startup Switches,” on page 851 
+ Chapter 73, “Using Monitor Agent Startup Switches,” on page 1003 


93.4 Protecting Agent and Application Log Files 


The log files for all GroupWise agents and Web applications should be protected against access by 
unauthorized persons. Some contain very detailed information about your GroupWise system and 
GroupWise users. See the following sections for the default locations of the agent and application log 
files: 

+ Section 37.3, “Using POA Log Files,” on page 551 

+ Section 43.3, “Using MTA Log Files,” on page 677 

+ Section 49.3, “Using DVA Log Files,” on page 727 

+ Section 56.6, “Using GWIA Log Files,” on page 833 

+ Section 63.2, “Using WebAccess Application Log Files,” on page 918 

+ Section 65.2, “Using Calendar Publishing Host Log Files,” on page 932 

+ Section 69.9, “Configuring Monitor Agent Log Settings,” on page 965 

+ Section 70.5, “Configuring Monitor Application Log Settings,” on page 971 


93.5 Protecting Agent Processes on Linux 


On Linux, the GroupWise agents are installed to run as the root user by default. This is not a secure 
configuration. Immediately after installation, you should set up a non-root user for the agents to run 
as, as described in “Running the Linux GroupWise Agents as a Non-root User” in “Installing 
GroupWise Agents” in the GroupWise 2012 Installation Guide. 


93.6 Protecting Trusted Applications 


Trusted applications are third-party programs that can log in to POAs and GWIAs in order to access 
GroupWise mailboxes. For background information, see Section 4.12, “Trusted Applications,” on 
page 90. 


Trusted applications log in to GroupWise agents by using trusted application keys that are created 
when the trusted application is created. It is essential that these keys are protected and not allowed to 
become public. Steps you can take to protect trusted application keys include: 

¢ Associating the trusted application key with a single IP address whenever possible 


+ Reviewing third-party log files for sensitive data such as the key before sharing them with 
others 


* Not sharing trusted application keys with others for any reason 


+ Removing old keys that are no longer needed 
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94.1 


94.2 


94.3 


Securing GroupWise System Access 


+ Section 94.1, “Using a Proxy Server with Client/Server Access,” on page 1155 

+ Section 94.2, “Using LDAP Authentication for GroupWise Users,” on page 1155 
+ Section 94.3, “Managing Mailbox Passwords,” on page 1155 

+ Section 94.4, “Enabling Intruder Detection,” on page 1156 


Using a Proxy Server with Client/Server Access 


POAs in your GroupWise system should be located behind your firewall. If GroupWise client users 
want to access their GroupWise mailboxes from outside your firewall using the Windows client, you 
should set up a proxy server outside your firewall to provide access, as described in Section 36.3.1, 
“Securing Client/Server Access through an External Proxy Server,” on page 506. GroupWise 
WebAccess users access their GroupWise mailboxes through their Web browsers, so your Web server 
handles the access issues for such users. 


Using LDAP Authentication for GroupWise Users 


LDAP authentication provides a more secure method of mailbox access than standard GroupWise 
authentication, which is the default when you set up your GroupWise system. Therefore, you should 
implement LDAP authentication, as described in Section 36.3.4, “Providing LDAP Authentication for 
GroupWise Users,” on page 510. 


On the Post Office object, the LDAP user name that you provide on the Security property page 
should be granted only browser rights in the eDirectory tree. The password for the LDAP user 
should be long and randomly generated. 


On the LDAP Server object, Require TLS for All Operations should be selected on the SSL/TLS 
Configuration property page. On the LDAP Group object, Require TLS for Simple Binds with Password 
should be selected. 


On your LDAP servers, the trusted root certificate file should be write protected so that it cannot be 
tampered with. 


Managing Mailbox Passwords 


GroupWise offers varying levels of password security, as described in Section 82.1, “Mailbox 
Passwords,” on page 1099. Make sure that you understand the options available to you and that you 
select the level of password security that is appropriate to your GroupWise system. 
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94.4 Enabling Intruder Detection 


You can configure the POA to lock out a user that provides the wrong mailbox password too many 
times, as described in Section 36.3.5, “Enabling Intruder Detection,” on page 516. 
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95.1 


95.1.1 


95.1.2 


Secure Migrations 


+ Section 95.1, “GroupWise Server Migration Utility,” on page 1157 


GroupWise Server Migration Utility 


During its operation, the GroupWise Server Migration Utility prompts for some restricted-access 
information. It also modifies critical GroupWise agent startup files. This section explains why. 


+ Section 95.1.1, “Source Server Credentials,” on page 1157 
+ Section 95.1.2, “Destination Server root Password,” on page 1157 


+ Section 95.1.3, “Agent Startup Files,” on page 1158 


For more information about the GroupWise Server Migration Utility, see the GroupWise Server 
Migration Guide. 


Source Server Credentials 


The Server Migration Utility prompts for a user ID and password that provides read/write access to 
the NetWare or Windows server so that the Linux server can mount the source server with read/write 
access. 


In addition, the Server Migration Utility needs read/write access to the domain or post office 
directory that is being migrated. Read/write access enables the Server Migration Utility to copy the 
contents of the post office directory or domain directory, including the post office database and 
domain database, so that file locking is respected while the data is being copied. File locking prevents 
database damage. 


Destination Server root Password 


The Server Migration Utility prompts for the root password so that it can mount the NetWare 
volume or the Windows share to the Linux file system. It also needs the root password in order to 
communicate with the SSH (secure shell) daemon on the Linux server. The SSH daemon allows root 
access for the utility to install the GroupWise RPMs, to run the programs required for migration 
locally on the Linux server, and to create and save the Linux agent startup files. 


In addition, root permissions might be required to write the post office or domain data to the Linux 
server, depending on where the user decided to locate the post office or domain. After the migration, 
the user can configure the GroupWise agents to run as a non-root user for improved security, as 
described in “Running the Linux GroupWise Agents as a Non-root User” in “Installing GroupWise 
Agents” in the GroupWise 2012 Installation Guide. 
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95.1.3 Agent Startup Files 


When the Server Migration Utility migrates an agent, the only change it makes to its startup file is to 
modify the --home switch to point to the new location of the post office or domain on the Linux 
server. Existing switch settings are retained, except for paths and IP addresses that would be invalid 
in the new Linux environment. 
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6 Undocumented Diagnostic Tools 


In ConsoleOne, under Tools > GroupWise Diagnostics, a set of tools is available for use by Novell 
support engineers when attempting to diagnose or correct problems in a customer’s GroupWise 


system. These tools are not intended for use by GroupWise customers without supervision. These 
tools are not documented. 
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X | X Appendixes 


+ Appendix A, “GroupWise Port Numbers,” on page 1163 
+ Appendix B, “GroupWise URLs,” on page 1177 


+ Appendix C, “Linux Commands, Directories, and Files for GroupWise Administration,” on 
page 1179 


+ Appendix D, “Documentation Updates,” on page 1185 


Appendixes 1161 


1162 GroupWise 2012 Administration Guide 


A GroupWise Port Numbers 


A.1 


A.1.1 


+ Section A.1, “Opening Ports for GroupWise Agents and Applications,” on page 1163 

+ Section A.2, “Protocol Flow Diagram with Port Numbers,” on page 1166 

+ Section A.3, “Post Office Agent Port Numbers,” on page 1167 

+ Section A.4, “Message Transfer Agent Port Numbers,” on page 1169 

+ Section A.5, “Document Viewer Agent Port Numbers,” on page 1170 

+ Section A.6, “Internet Agent Port Numbers,” on page 1170 

+ Section A.7, “WebAccess Application Port Numbers,” on page 1172 

+ Section A.8, “Calendar Publishing Host Port Numbers,” on page 1172 

+ Section A.9, “Monitor Agent Port Number,” on page 1173 

+ Section A.10, “Monitor Application Port Numbers,” on page 1173 

+ Section A.11, “GroupWise High Availability Service Port Number (Linux Only),” on page 1173 
+ Section A.12, “Port Numbers for Products Frequently Used with GroupWise,” on page 1174 


Opening Ports for GroupWise Agents and Applications 


When you install Group Wise agents or applications on a server where a firewall is enabled, you must 
make sure that the firewall is configured to allow communication on the ports used by the 
GroupWise agents and applications on the server. 


+ Section A.1.1, “Opening Ports on OES Linux,” on page 1163 
+ Section A.1.2, “Opening Ports on SLES,” on page 1164 
+ Section A.1.3, “Opening Ports on Windows,” on page 1165 


Opening Ports on OES Linux 


The following procedure is an example of how to open ports through a firewall on Novell Open 
Enterprise Server (OES) Linux. The exact procedure for your specific version of OES might be slightly 
different. 


1 In YaST, click Security and Users > Firewall. 
2 In the left panel, click Allowed Services. 
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3 (Conditional) To open the port for Samba, so that ConsoleOne can access domain and post office 
directories on this server from a remote server: 


ga Inthe Service to Allow drop-down list, click Samba Server, then click Add. 


4 (Conditional) To open ports for a Web browser for Group Wise WebAccess or for the agent Web 
consoles: 


4a In the Service to Allow drop-down list, select HTTP Server (for a non-secure HTTP 
connection), then click Add. 


4b Inthe Service to Allow drop-down list, select HTTPS Server (for a secure SSL connection), 
then click Add. 


5 (Conditional) To open ports for the GWIA: 


5a In the Service to Allow drop-down list, select IMAP Server (for a non-secure IMAP 
connection), then click Add. 


5b Inthe Service to Allow drop-down list, select IMAPS Server (for a secure SSL IMAP 
connection), then click Add. 


5c In the Service to Allow drop-down list, click LDAP Server (for a non-secure LDAP 
connection), then click Add. 


5d Inthe Service to Allow drop-down list, click LDAPS Server (for a secure LDAP connection), 
then click Add. 


5e In the Service to Allow drop-down list, click Mail Server, then click Add. 


sf In the Service to Allow drop-down list, click POP3 Server (for a non-secure POP3 connection) 
then click Add. 


5g In the Service to Allow drop-down list, click POP3S Server (for a secure POP3 connection), 
then click Add. 


6 (Conditional) To open ports for the other GroupWise agents: 
Ga Click Advanced. 


6b Inthe TCP Ports field, list the port numbers, in a space-delimited list, for the GroupWise 
agents on this server, as provided in Appendix A, “GroupWise Port Numbers,” on 
page 1163. 


6c Click OK. 


7 After you have opened all the ports that Group Wise components need to communicate through 
on this server, click Next. 


8 Review the list of services and ports that you have configured for this server, then click Accept. 


A.1.2 Opening Ports on SLES 


The following procedure is an example of how to open ports through a firewall on SUSE Linux 
Enterprise Server (SLE). The exact procedure for your specific version of SLES might be slightly 
different. 

1 In YaST, click Security and Users > Firewall. 

2 In the left panel, click Allowed Services. 


3 (Conditional) To open ports for Samba, so that ConsoleOne can access domain and post office 
directories on this server from a remote server: 


3a In the Service to Allow drop-down list, select Samba Client, then click Add. 
3b In the Service to Allow drop-down list, click Samba Server, then click Add. 
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4 (Conditional) To open ports for a Web browser for Group Wise WebAccess or for the agent Web 
consoles: 


4a In the Service to Allow drop-down list, select HTTP Server (for a non-secure HTTP 
connection), then click Add. 


4b Inthe Service to Allow drop-down list, select HTTPS Server (for a secure SSL connection), 
then click Add. 


5 (Conditional) To open ports for the Group Wise agents and applications: 
5a Click Advanced. 


5b Inthe TCP Ports field, list the port numbers, in a space-delimited list, for the GroupWise 
agents and applications on this server, as provided in Appendix A, “GroupWise Port 
Numbers,” on page 1163. 


5c Click OK. 


6 After you have opened all the ports that GroupWise components need to communicate through 
on this server, click Next, then click Finish. 


A.1.3 Opening Ports on Windows 


The following procedure is an example of how to open ports through a firewall on Windows Server. 
The exact procedure for your specific version of Windows Server might be slightly different. 

On the Start menu, click Control Panel, then under System and Security, click Check firewall status. 
In the left panel, click Advanced Settings to open Windows Firewall with Advanced Security. 

In the left panel, click Inbound Rules. 

Click Action > New Rule. 

Select Port, then click Next. 

Make sure that TCP is selected. 


N Oo GI R WN F 


In the Specific local ports field, list the port numbers, in a comma-delimited list, for the 
GroupWise agents and applications on this server, as provided in this appendix, then click Next. 


0 


Accept the default of Allow the connection, then click Next. 


9 Acceptthe default for when the rule applies, or change it depending on your security 
preferences for the GroupWise agents and applications, then click Next. 


10 Inthe Namefield, specify a unigue name for this set of port numbers, such as GroupWise Ports, 
then click Finish. 
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A.2 Protocol Flow Diagram with Port Numbers 


Click here to display a high-resolution, printable version. 
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See also Section A.12, “Port Numbers for Products Freguently Used with GroupWise,” on page 1174. 
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A.3 Post Office Agent Port Numbers 


Properties of POA 
GroupWise v | NDS Rights ~ | Other | Rights to Files and Folders 
Network Address 
TCP/IP Address: [172.16.5.18 
External IP Address: | 
IPX/SPX Address: | 


[0 Bind Exclusively to TCP/IP Address 

Port ssl ‘SSL Port 
Message Transfer: 7101 5 Disabled % | 
HTTP: 7181 (S| [Disabled v | 


Internal Client/Server: 1577] Enabled | 


External Client/Server: og Enabled v) 


IMAP: 1431 Disabled v | 
Internal SOAP: [ 7191]8) [Disabled v | 
External SOAP: [ 7191 $ 


Calendar Publishing: | 7171 E 


ok) [cancel] [apply J L_Hele J 


Protoco Default TCP SSL Description 
l Port 1 Availabl 
Number UDP e? 


MTP 7101 TCP Yes Message Transfer Protocol 
Communication between the POA and the MTA 


“Using TCP/IP Links between the Post Office and 
the Domain” on page 487 


HTTP 7181 TCP Yes Hypertext Transfer Protocol 
POA Web console 


Section 37.2, “Using the POA Web Console,” on 


page 539 
Internal 1677 TCP Yes Local communication between the POA and 
Client/ / GroupWise clients 
Server UDP à | | 
Section 36.2.1, “Using Client/Server Access to the 
Post Office,” on page 494 
External 0 TCP Yes External communication between the POA and 
Client/ / GroupWise clients (administrator-defined port 
Server UDP number) 


Section 36.3.1, “Securing Client/Server Access 
through an External Proxy Server,” on page 506 
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Protoco Default TCP 
l Port l 
Number UDP 

IMAP 143 TCP 
/ 

IMAP 993 UDP 

SSL 

SOAP 7191 TCP 

Calenda 7171 TCP 

r 

Publishi 

ng 

SNMP 161 TCP 
/ 
UDP 
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SSL 
Availabl 
e? 


No 


Yes 


Yes 


No 


No 


Description 


Internet Message Access Protocol 


Communication between the POA and IMAP 
clients such as such as Netscape Mail, Eudora 
Pro, Microsoft Outlook, and Entourage 


Section 36.2.3, “Supporting IMAP Clients,” on 
page 498 


Simple Object Access Protocol 


Communication between the POA and SOAP 
clients such as Evolution and the Novell Data 
Synchronizer Connector for GroupWise 


Section 36.2.4, “Supporting SOAP Clients,” on 
page 499 


Calendar Publishing Protocol 


Communication between the POA and the 
Calendar Publishing Host 


“Connecting the Calendar Publishing Host to a 
POA” and Section 64.1.2, “Changing Post Office 
Settings,” on page 924 


Simple Network Management Protocol 


Communication between the POA and an SNMP 
management console 


Section 37.6, “Using an SNMP Management 
Console,” on page 553 


A.4 Message Transfer Agent Port Numbers 


Properties of MTA 


GroupWise + 
Network Address 


TCPAP Address: 
IPX/SPX Address: 


NDS Rights ~ | Other | Rights to Files and Folders 


[172.16.5.18 


I Bind Exclusively to TCPAP Address 


Message Transfer: 


HTTP: 


Page Options... 


Port 
7100 +] 


SSL 


Disabled 7 | 


[ 7180 $ 


Disabled + | 


Protoco 
l 


MTP 


HTTP 


SNMP 


Default 
Port 
Numbe 
r 


7100 


7180 


161 


Cancel 


Apply 


TC 


P/ 
UD 


SSL 
Availabl 
e? 


Yes 


Yes 


No 


Description 


Message Transfer Protocol 
Communication between the MTA and the POA 


“Using TCP/IP Links between Domains” on 
page 632 and “Using TCP/IP Links between a 
Domain and its Post Offices” on page 637 


Hypertext Transfer Protocol 
MTA Web console 


Section 43.2, “Using the MTA Web Console,” on 
page 669 


Simple Network Management Protocol 


Communication between the MTA and an SNMP 
management console 


Section 43.6, “Using an SNMP Management 
Console,” on page 679 
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A.5 Document Viewer Agent Port Numbers 


Protoco Default TC SSL Description 
l Port P/ Availabl 
Number UD e? 


P 
HTTP 8301 TC Yes Hypertext Transfer Protocol 
P 
Communication between the DVA and the POA or 
the WebAccess Application 
Section 49.2, “Using the DVA Web Console,” on 
page 725 
HTTP 8302- TC Yes Hypertext Transfer Protocol 
8306 P 


Default DVA worker threads 


Section 50.1, “Controlling Thread Usage,” on 
page 729 


A.6 Internet Agent Port Numbers 


Properties of GWIA 


LDAP | POPS1MAP4 | Server Directories | Access Control + | Reattach | Post Office Links | Groupwise ~ | NDS/ 
| Network Address 


TCPIP Address: [iba-nw 


IPX/SPX Address: 
I Bind Exclusively to TCPAP Address 


Port SSL SSL Port 
Message Transfer: Disabled x | 


HTTP: $| [Disabled | 


SMTP: Disabled 7 | 


POP: Disabled 7 | 


IMAP: Disabled x | 


LDAP: Disabled 7 | 


Page Options... Cancel Apply 
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Protoco Default TC SSL Description 
l Port P/ Availabl 
Number UD e? 


P 
MTP Oor TC Yes Message Transfer Protocol 
7102 P 
Communication between the GWIA and the MTA 
The default port number of 0 (zero) configures a 
direct connection between the GWIA and the MTA, 
rather than using TCP/IP. Port number 7102 is an 
example of an administrator-defined MTP port 
number for a TCP/IP connection. 
Section 55.1, “Changing the Link Protocol between 
the GWIA and the MTA,” on page 809 
HTTP 9850 TC Yes Hypertext Transfer Protocol 
P 
GWIA Web console 
Section 56.2, “Using the GWIA Web Console,” on 
page 827 
SMTP 25 TC Yes Simple Mail Transfer Protocol 
P/ 
UD Communication between the GWIA and email 
p systems across the Internet 
Section 53.1, “Configuring SMTP/MIME Services,” 
on page 757 
POP 110 TC Yes Post Office Protocol 
P/ 
POP 995 UD Communication between the GWIA POP email 
SSL p clients 
Section 53.2, “Configuring POP3/IMAP4 Services,” 
on page 777 
IMAP 143 TC No Internet Message Access Protocol 
P/ 
IMAP 993 UD Yes Communication between the GWIA and IMAP 
SSL p clients such as such as Netscape Mail, Eudora 
Pro, Microsoft Outlook, and Entourage 
Section 53.2, “Configuring POP3/IMAP4 Services,” 
on page 777 
LDAP 389 TC Yes Lightweight Directory Access Protocol 
P 
LDAP 636 LDAP server supporting LDAP gueries for 
SSL GroupWise user information contained in the 


GroupWise Address Book 


Section 53.3, “Configuring LDAP Services,” on 
page 782 
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Protoco Default 
l Port 
Number 


SNMP 161 


TC 
PI 
UD 
P 


TC 


SSL 
Availabl 
e? 


No 


Description 


Simple Network Management Protocol 


P/ 
UD 
P 


Communication between the GWIA and an SNMP 
management console 


Section 37.6, “Using an SNMP Management 
Console,” on page 553 


A.7 WebAccess Application Port Numbers 


TC 


SSL 


Protoco Default 


PI 
UD 


Availabl 
e? 


No 


Description 


Hypertext Transfer Protocol 


l Port 
Number 

HTTP 80 

HTTP 443 


Yes 


GroupWise WebAccess user interface 


Section 63.1, “Using the WebAccess Application 


Web Console,” on page 917 


A.8 Calendar Publishing Host Port Numbers 


Protoco Default 


l Port 
Numbe 
r 

HTTP 80 

HTTP 443 


SSL 
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SSL 
Availabl 
e? 

No 


Yes 


Description 


Hypertext Transfer Protocol 
Calendar Publishing Host user interface 


Calendar Publishing Ouick Start (http:// 
wwwtest.provo.novell.com/documentation/ 
groupwise2012/pdfdoc/gw2012 gs calpubuser/ 
gw2012 gs calpubuser.paf) 


Calendar Publishing Host administrator interface 


Section 64.1.1, “Logging In to the Administration 
Web Console,” on page 923 


A.9 Monitor Agent Port Number 


Protoco Default TC 


HTTP 


Port PI 

Number UD 
P 

8200 TC 
P 


SSL 
Availabl 
e? 


Yes 


Description 


Hypertext Transfer Protocol 
Monitor Agent Web console 


Chapter 68, “Understanding the Monitor Agent 


Consoles,” on page 941 


A.10 Monitor Application Port Numbers 


Protoco Default 
l 


HTTP 


HTTP 
SSL 


Port 
Number 


80 
443 


TC 
PI 
UD 
P 


TC 
P 


SSL 
Availabl 
e? 

No 


Yes 


Description 


Hypertext Transfer Protocol 
Monitor Web console 


Chapter 68, “Understanding the Monitor Agent 
Consoles,” on page 941 


A.11 GroupWise High Availability Service Port Number (Linux 


Only) 


Protoco Default TC 


HTTP 


Port 
Numbe 
r 


8400 


PI 
UD 
P 


TC 


SSL 
Availabl 
e? 


No 


Description 


Hypertext Transfer Protocol 


P 


Communication between the Monitor Agent and 
the GroupWise High Availability service (gwha) 
(Linux only) 


“Configuring the Monitor Agent to Communicate 
with the GroupWise High Availability Service” in 
“Installing GroupWise Agents” in the GroupWise 
2012 Installation Guide 
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A.12 Port Numbers for Products Frequently Used with 


GroupWise 


+ Section A.12.1, “Novell Messenger Port Number,” on page 1174 


+ Section A.12.2, “Novell Data Synchronizer Port Numbers,” on page 1174 


+ Section A.12.3, “BlackBerry Enterprise Server for Novell GroupWise Port Number,” on 


page 1175 


A.12.1 Novell Messenger Port Number 


Protoco Default 

l Port 
Numbe 
r 


HTTP 8300 


TC 
PI 
UD 
P 


TC 
P 


SSL 
Availabl 
e? 


No 


Description 


Hypertext Transfer Protocol 


Communication between the Messaging Agent 
and Messenger clients. 


“Using the Novell Messenger Download Page” in 
“Managing Messenger Client Users” in the Novell 
Messenger 2.2 Administration Guide 


A.12.2 Novell Data Synchronizer Port Numbers 


Protoco Default 

l Port 
Numbe 
r 

HTTP 8120 

TCP 4500 

HTTP 80 

HTTP 443 


SSL 
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TC 


TC 


SSL 
Availabl 
e? 


Yes 


No 


No 


Yes 


Description 


Hypertext Transfer Protocol 
Synchronizer Web Admin 


“Synchronizer Web Admin” in Mobility Pack 
Administration Guide 


Proprietary TCP protocol 


Communication between the GroupWise 
Connector and the POA. 


“GroupWise Post Office Agent” in “Planning a Data 
Synchronizer System” in the Mobility Pack 
Installation Guide 


Hypertext Transfer Protocol 


Communication between the Mobility Connector 
and mobile devices 


“Mobile Device Port” in “Planning a Data 
Synchronizer System” in the Mobility Pack 
Installation Guide 


A.12.3 BlackBerry Enterprise Server for Novell GroupWise Port Number 


Protoco Default TC SSL Description 
| Port PI Availabl 
Numbe UD e? 


r P 
TCP 3101 TC Yes Proprietary TCP protocol 
P 


Communication between BlackBerry Enterprise 
Server and BlackBerry devices 


BlackBerry Enterprise Server for Novell 
GroupWise Administration Guide (http:// 
docs.blackberry.com/en/admin/deliverables/20840/ 
BlackBerry Enterprise Server for Novell Group 
Wise-NO MAPTITLES BLOBID-T813841- 
813841-0921092848-001-5.0.1-US.pdf) 
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GroupWise URLs 


Administrator URLS 


In a URL, an agent server can be specified by its IP address or DNS hostname. The port numbers 
listed below are the default port numbers. 


URL 

http://poa server:7181 

http://mta server:7180 

http://agent server:8301 

http://gwia server:9850 
http://webaccess server/gw/ 
webacc?action=Admin.Open 
http://monitor server:8200 
http://monitor server/gwmon/gwmonitor 
http://calpubhost server/gwcal/admin 
User URLS 

URL 

http://webaccess server/gw/webacc 


http://calpubhost server/gwcal/calendar 


http://calpubhost server/gwcal/freebusy/ 
user id@internet domain 


Web Page 

POA Web Console 
MTA Web Console 
DVA Web Console 
GWIA Web Console 


WebAccess Application Web Console 


Monitor Agent Web Console 
Monitor Web Console 


Calendar Publishing Host Admin Web Console 


Web Page 
WebAccess 
Calendar Publishing 


Free/Busy Publishing 


GroupWise URLs 
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Linux Commands, Directories, and 
Files for GroupWise Administration 


Some GroupWise administrators might be new to the Linux operating system. This appendix 
provides basic Linux commands, directories, and files to assist you if are running GroupWise on 
Linux for the first time. 

+ Section C.1, “Linux Operating System Commands,” on page 1179 

+ Section C.2, “GroupWise Directories and Files on Linux,” on page 1183 


+ Section C3, “Linux GroupWise Commands,” on page 1184 


C.1 Linux Operating System Commands 


This section lists Linux commands that can help you manage your GroupWise system on Linux. It 
also helps you create a Linux core file if you need Support assistance with the Linux GroupWise 
agents. 

+ Section C.1.1, “Basic Commands,” on page 1179 

+ Section C.1.2, “File and Directory Commands,” on page 1180 

+ Section C.1.3, “Process Commands,” on page 1180 

+ Section C.1.4, “Disk Usage Commands,” on page 1181 

+ Section C.1.5, “Package Commands,” on page 1181 

+ Section C.1.6, “File System Commands,” on page 1181 

+ Section C.1.7, “Network Commands,” on page 1182 

+ Section C.1.8, “Linux Core File,” on page 1182 


C.11 Basic Commands 


The following basic commands are available on Linux: 


Command Description 


man command Displays information about any Linux command, including the commands used to start 
GroupWise programs. 


whoami Displays who you are logged in as. 


uname -a Displays the kernel version, along with other useful information 
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C.1.2 


C.1.3 


File and Directory Commands 


The following file and directory commands are available on Linux: 


Command 
pwd 


ls -1 


ls -al 


more file name 


less file name 
tail file name 


cp source destination 
mv source destination 


find starting directory 
-name file name 


grep String file 


mkdir directory name 
rmdir directory name 
rm file name 
rm -r directory name 
cat file name 


cat file name / 
printer device 


Process Commands 


Description 


Displays your current directory (“print working directory”). 


Lists the files in the current directory, along with useful information about 
them. 


Includes hidden system files (those whose names start with a dot) in the list. 
Pages through the contents of a file (forward only). 


Pages through the contents of a file and lets you page back up through the 
file. 


Displays the last 10 lines of a file. This is helpful for log files. (The head 
commands displays the first 10 lines.) 


Copies a file or directory. 
Moves or renames a file or directory. 


Find the specified file, starting in the specified directory. Specifying / starts 
the find operation in the root directory. 


Searches the specified file for the specific string of characters. This is useful 
for locating specific information in GroupWise agent startup files. 


Creates a new directory. 

Deletes an empty directory. 

Deletes a file. 

Deletes a directory and recursively deletes its contents. 
Displays a file. 


Prints a file. 


The following process commands are available on Linux: 


Command 


top 


ps -eaf | grep program 


ps -aux | grep user name 


kill process_ID 


Description 


Lists all processes, sorted by CPU percentage with the highest at the top of 
the list. 


Lists all processes and their IDs associated with the specified program. 
Wildcard characters can be used to list a group of related programs (for 
example, gw*). 


Lists all processes and their IDs associated with the specified user. 


Stops the specified process like a normal exit. 


1180 GroupWise 2012 Administration Guide 


C.1.4 


C.1.5 


C.1.6 


Command Description 


kill -9 process_ID Stops the specified process after it has failed to exit normally. Temporary 
files are not cleaned up. 


killall program Kills all processes associated with the specified program. 


xkill Closes the window that you click on with the resulting box-shaped cursor. 


Disk Usage Commands 


The following disk usage commands are available on Linux: 


Command Description 

df Lists file system disk space usage in terms that make sense to your 
computer. 

df -h Lists file system disk space usage in terms that make sense to humans. 

du Lists disk space usage of each subdirectory below your current working 
directory 

du -s Lists the cumulative disk space usage of your current working directory. 


du -s file or directory Lists the disk space usage for a file or the cumulative disk space usage for a 
directory and its contents. 


Package Commands 


The following package commands are available on Linux: 


Command Description 
rpm -qa | grep novell Lists all Novell packages installed on your server 
rpm -qi package name Lists useful information about an installed package, such as name, version, 


release date, install date, size description, build date, and so on. 
rpm -ql package name Lists where each file in the package has been installed 


rpm -e package name Uninstalls a package 


File System Commands 


The following file system commands are available on Linux: 


Command Description 


mount Lists the file systems that are currently 
mounted on your server. 
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C.1.7 


C.1.8 


Command 


ncpmount -S fully gualified hostname 
-V volume name -A ip address 
-U fully gualified admin user 
/linux mount directory 


mount -t smbfs 
//fully gualified hostname/windows share name 
/linux mount directory 
-o username=windows administrator 


mount -t cifs 
//fully gualified hostname/windows share name 
/linux mount directory 
-o username=windows administrator,noserverino 


The noserverino option uses client-generated inode numbers 
instead of server-generated inode numbers, which produces a 
more reliable CIFS mount. 


Network Commands 


The following network commands are available on Linux: 


Command Description 


ifconfig -a 
your Linux Server. 


hostname 


Description 


Mounts a Linux filesystem to a Linux 
server. 


For more information, see “Mounting an 
OES Linux File System Using NetWare 
Core Protocol (NCP)” on page 42. 


Mounts a Windows Server or Samba 
share as a file system on your Linux 
server. 


For more information, see “Mounting a 
SLES File System Using Samba” on 
page 43 or “Making a Windows Server 
Visible in Linux ConsoleOne” on page 49. 


Mounts a Windows Server or Samba 
share as a file system on your Linux 
server. 


For more information, see “Mounting a 
SLES File System Using Samba” on 
page 43 or “Making a Windows Server 
Visible in Linux ConsoleOne” on page 49. 


Lists the IP address and other detailed information about the NIC in 


Displays the hostname of your server. 


dig Displays host information about your server 


netstat -lnp | grep program 
netstat -lnp | egrep 
‘program|program|...' 


ping ip address or hostname 


Linux Core File 


Lists the port numbers in use by one or more programs. It is also a 
handy command for checking to see whether the specified 
programs are currently running. 


Checks to see ifthe specified server is responding on the network. 


A core file is animage of a process such as a GroupWise agent that is created by the Linux operating 
system when the agent terminates unexpectedly. A proper core file can help Novell Support 
determine why a Group Wise agent is having problems in your GroupWise system. See TID 3447847, 
“How to Obtain a GroupWise Agent Core File on Linux,” in the Novell Support Knowledgebase 


(http://www.novell.com/support). 
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C.2 


C.2.1 


C.2.2 


C.2.3 


GroupWise Directories and Files on Linux 


+ Section C.2.1, “Component Installation Directories on Linux,” on page 1183 


+ Section C.2.2, “Linux Agent Software Subdirectories,” on page 1183 


+ Section C.2.3, “Linux Agent Startup and Configuration Files,” on page 1183 


Component Installation Directories on Linux 


GroupWise 2012 Troubleshooting 3: Message Flow and Directory Structure illustrates the following 
directory structures where software and data are located in a GroupWise system on Linux: 


* “Linux MTA, POA, and DVA Installation Directory” for the GroupWise agents 
+ “Linux Internet Agent Installation Directory” for the GWIA 


+ “Linux Monitor Agent Installation Directory” for Monitor 


+ “Web Application Installation Directories on Your Web Server” for the GroupWise Web 
applications (WebAccess, Calendar Publishing Host, and Monitor 


+ “Linux Software Distribution Directory” 


Linux Agent Software Subdirectories 


The following directories contain files common to all Linux GroupWise agents: 


Directory 
/opt/novell/groupwise/agents/bin 
/opt/novell/groupwise/agents/lib 
/opt/novell/groupwise/agents/share 
/etc/init.d 
/etc/opt/novell/groupwise 


/var/log/novell/groupwise 


Description 

Executables 

Libraries 

Startup files and language files 
Startup scripts 

Configuration files 


Log files 


Linux Agent Startup and Configuration Files 


The following files are commonly used during GroupWise administration on Linux: 


File 


/opt /novell/groupwise/agents/share/ 
post_office.poa 


/opt/novell/groupwise/agents/share/ 
domain.mta 


/opt /novell/groupwise/agents/share/ 
gwdva.dva 


/opt /novell/groupwise/agents/share/ 
gwia.cfg 


Description 


POA startup file 


MTA startup file 


DVA configuration file 


GWIA configuration file 
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File Description 


/var/opt/novell/groupwise/webaccess/ WebAccess Application configuration file 
webacc.cfg 


/opt/novell/groupwise/agents/share/ Monitor Agent configuration file 

monitor.xml 

/var/opt/novell/groupwise/monitor/ Monitor Application configuration file 

gwmonitor.cfg 

/etc/xinetd.d/gwha High Availability service definition file 
/etc/opt/novell/groupwise/ High Availability service configuration file for controlling 
gwha.conf the agents 
/etc/opt/novell/groupwise/agents/ Non-root user configuration file 

uid.conf 


C.3 Linux GroupWise Commands 


Command Description 


./grpwise start Starts/stops/monitors all GroupWise agents 
-/grpwise stop as daemons in the /etc/init.d directory. 


-/grpwise status 
./grpwise print 


rcgrpwise start Starts/stops/monitors all GroupWise agents 
rcgrpwise stop as daemons in any directory. 

rcgrpwise status 

rcgrpwise print 


rcgrpwise start Starts/stops/monitors a specific GroupWise 
post office.domain agent as a daemon. 

rcgrpwise start domain 

regrpwise start gwdva Replace start with stop or status in any 


rcgrpwise domain.gwia start of the sample commands. 


./gwpoa --show Starts a specific GroupWise agent with a user 
epost office.poa t — interface in the /opt /novell/groupwise/ 
4 / gwmta --show @domain .mta & agents/bin directory. 

./gwia --show @gwia.cfg & 


./grpwise-ma start Starts/stops/monitors the Monitor Agent. 
./grpwise-ma stop 
./grpwise-ma status The Monitor Agent does not have the same 


kind of user interface as the other agents. It 


regrpwise-ma start does have a Web console like the other 
rcgrpwise-ma stop agents 


rcgrpwise-ma status 
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D.1 


Documentation Updates 


This section lists updates to the Group Wise 2012 Administration Guide that have been made since the 
initial release of GroupWise 2012. The information helps you to keep current on documentation 
updates and, in some cases, software updates (such as a Support Pack release). 


The information is grouped according to the date when the Group Wise 2012 Administration Guide was 
republished. Within each dated section, the updates are listed by the names of the main table of 
contents sections. 


The GroupWise 2012 Administration Guide has been updated on the following dates: 


+ Section D.1, “April 16, 2013 (GroupWise 2012 SP2),” on page 1185 
+ Section D.2, “September 20, 2012 (GroupWise 2012 SP1),” on page 1187 
+ Section D.3, “August 18, 2014 (GroupWise 2012 SP3),” on page 1189 


April 16, 2013 (GroupWise 2012 SP2) 


Location Change 

System 

Section 2.1, “ConsoleOne on Added steps for manually installing IBM JRE 1.5 and declining installation of 
Linux,” on page 39 the bundled JRE 1.4.2, 


“Mounting a Samba Share” on Added the noserverino option to the CIFS mount command. 
page 45 


“Making a Windows Server 
Visible in Linux ConsoleOne” on 
page 49 


Post Offices 


Section 12.4, “Auditing Mailbox Clarified that mobile device access by Novell Data Synchronizer requires 


License Usage in the Post only a limited client license; clarified that an external entity mailbox reguires 
Office,” on page 207 a full client license. 

Users 

Section 14.7.4, “Creating a Added that user nicknames are visible in the GroupWise Address Book if 
Nickname for a User,” on you filter for them. 

page 252 

Section 14.10, “Unlocking Added instructions for unlocking a user account after intruder detection has 
GroupWise Accounts,” on locked the user out. 

page 254 

Resources 


Documentation Updates 1185 


Location Change 


Section 15.1.2, “Resource Added the new role resource. 
Types,” on page 265 


Section 15.1.4, “Resource Explained how to add a password to a resource mailbox. 
Owners,” on page 266 


Section 16.7.3, “Creating a Added that resource nicknames are visible in the GroupWise Address Book 
Nickname for a Resource,” on if you filter for them. 
page 276 


Distribution Lists, Groups, and 
Organizational Roles 


Section 18.9.3, “Creating a Added that distribution list nicknames are visible in the GroupWise Address 
Nickname for a Distribution List,” Book if you filter for them. 
on page 297 


Post Office Agent 


Section 36.4.1, “Scheduling Specified the maximum length for scheduled event names and action 
Database Maintenance,” on names. 
page 517 


Message Transfer Agent 


Section 42.2.3, “Enabling Added a link to the GroupWise/Exchange Coexistence Guide. 
Exchange Address Book 
Synchronization,” on page 645 


Section 42.4.1, “Using eDirectory Specified the maximum length for schedule event names. 
User Synchronization,” on 


page 652 

WebAccess 

Section 62.2.5, “Controlling Improved the instructions for allowing and preventing user access to 
WebAccess Usage,” on WebAccess. 

page 909 


Section 62.3.1, “Customizing the Clarified that the logo images files should be located under your Web 
WebAccess User Interface with  server's document root directory. 

Your Company Logo,” on 

page 911 


Calendar Publishing Host 


Section 64.2.2, “Setting the Improved the example of the usefulness of the Auto-Refresh Interval 
Published Calendar Auto- settings. 

Refresh Interval,” on page 928 

Client 

“Send Options: Disk Space Clarified that the Limits Apply to Cache option also applies to Remote 
Management” on page 1059 mailboxes. 


Security Administration 


“Linux: Using OpenSSL” on Added the -key parameter to the openss1 command. 
page 1109 
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D.2 


Location 


Section 83.2.2, “Generating a 
Self-Signed Certificate,” on 
page 1111 


Appendixes 


Section C.1.6, “File System 
Commands,” on page 1181 


Change 


Updated the reference for the Novell Certificate Server to refer to the Open 
Enterprise Server documentation. 


Added the noserverino option to the CIFS mount command. 


September 20, 2012 (GroupWise 2012 SP1) 


Location 


System 


Section 3.3.1, “Changing the 
Column Display and Order,” on 
page 64 


Section 7.1, “GroupWise User 
Languages,” on page 123 


Domains 


Section 8.3.1, “Creating the New 


Domain,” on page 139 
Post Offices 


Section 11.3.1, “Creating the 
New Post Office,” on page 181 


Section 12.6, “Tracking and 
Restricting Client Access to the 
Post Office,” on page 209 


Users 


“Creating GroupWise Accounts 
for eDirectory Users” on 
page 220 


“Adding a Global Signature to 
Users' Messages” on page 231 


Resources 


“Creating Rules for a Resource” 
on page 269 


Databases 


“Setting Up a Restore Area” on 
page 435 


Post Office Agent 


Change 


Provided examples of useful information to add to object listings in 
ConsoleOne. 


Added Bulgarian and Turkish as fully supported in WebAccess. 


Added a step for handling the situation where the location for the new 
domain is on a different machine from where you are running ConsoleOne. 


Added a step for handling the situation where the location for the new post 
office is on a different machine from where you are running ConsoleOne. 


Provided an example of how to specify the GroupWise 2012 minimum client 
release version. 


Removed the sections titled “Using a Template to Create GroupWise 
Accounts” and “Creating GroupWise Accounts by Importing Users.” You 
should no longer use ConsoleOne to create User objects in eDirectory. You 
should use iManager instead. 


Clarified the note so that it pertains only to external messages. 


Added instructions for creating auto-accept/decline rules. 


Clarified that the name of the restore area directory must follow the same 
conventions as a post office directory. 


Documentation Updates 
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Location 


“Using an SNMP Management 
Console” on page 553 


“Configuring a Dedicated Client/ 
Server POA (Windows Only)” on 
page 562, Section 38.2.2, 
“Configuring a Dedicated 
Message File Processing POA 
(Windows Only),” on page 565, 
Section 38.4.2, “Configuring a 
Dedicated Database 
Maintenance POA (Windows 
Only),” on page 568, and 
Section 39.5, “Configuring a 
Dedicated Indexing POA 
(Windows Only),” on page 577 


“Enabling the Document Viewer 
Agent (DVA) for Indexing” on 
page 576 


Message Transfer Agent 


“Using an SNMP Management 
Console” on page 679 


Document Vlewer Agent 


“Windows: Installing Additional 
DVAs” on page 716 


Internet Agent 


“Using an SNMP Management 
Console” on page 553 


“--msstu” on page 867 


WebAccess 


Section 62.3.1, “Customizing the 


WebAccess User Interface with 
Your Company Logo,” on 
page 911 


Section 62.3.6, “Enabling an 
LDAP Address Book,” on 
page 916 


Calendar Publishing Host 


Section 64.2.4, “Configuring an 
External POA IP Address,” on 
page 929 


Client 


Section 76.2, “Setting Client 
Options,” on page 1030 


Change 


Improved the instructions for setting up the POA to work with the SNMP 
Service on Windows. 


Clarified that configuring more than one POA is useful only on Windows. 


Clarified the advantages of using the DVA instead of the DCA for indexing. 


Improved the instructions for setting up the MTA to work with the SNMP 
Service on Windows. 


Corrected the instructions for installing the DVA independently on a 
Windows server. 


Improved the instructions for setting up the GWIA to work with the SNMP 
Service on Windows. 


Clarified that this switch pertains to the sender’s address, not the recipients’ 
addresses. 


Added instructions for customizing the WebAccess interface for your 
company logo. 


Added instructions for enabling an LDAP address book for WebAccess 


users. 


Corrected the default calendar publishing port number. 


Clarified how locks work. 
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D.3 


Location Change 


Section 77.1, “Using GroupWise Improved the SetuplP instructions. 
AutoUpdate and SetuplP to 

Distribute the GroupWise 

Windows Client,” on page 1069 


Security Administration 


“Generating a Certificate Signing Provided alternatives to GWCSRGEN for creating a CSR. 
Reguest” on page 1107 


Appendixes 


“User URLS” on page 1177 Added the Calendar Publishing Host free/busy URL. 


August 18, 2014 (GroupWise 2012 SP3) 


Location Change 

WebAccess 

Section 63.2.2, “Configuring Added information about proper use ofthe Log.path entry of 
WebAccess Application Log webacc.cfg. 


Settings,” on page 918 


Documentation Updates 
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